<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link href="https://www.itpro.com/feeds/tag/microsoft-windows-server" rel="self" type="application/rss+xml" />
                            <title><![CDATA[ Latest from ITPro in Microsoft-windows-server ]]></title>
                <link>https://www.itpro.com/tag/microsoft-windows-server</link>
        <description><![CDATA[ All the latest microsoft-windows-server content from the ITPro team ]]></description>
                                    <lastBuildDate>Mon, 27 Oct 2025 11:29:19 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ CISA issues alert after botched Windows Server patch exposes critical flaw ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/cisa-issues-alert-after-botched-windows-server-patch-exposes-critical-flaw</link>
                                                                            <description>
                            <![CDATA[ A critical remote code execution flaw in Windows Server is being exploited in the wild, despite a previous 'fix' ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">JViJkYCeYJs59uj6w7NtPk</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/EbGTn2N3h4AK42zN96ZXjA-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 27 Oct 2025 11:29:19 +0000</pubDate>                                                                                                                                <updated>Mon, 27 Oct 2025 11:30:00 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/EbGTn2N3h4AK42zN96ZXjA-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Windows logo illuminated in warm white lighting against a purple backdrop pictured at the 2024 Mobile World Congress (MWC) event in Barcelona, Spain.]]></media:description>                                                            <media:text><![CDATA[Windows logo illuminated in warm white lighting against a purple backdrop pictured at the 2024 Mobile World Congress (MWC) event in Barcelona, Spain.]]></media:text>
                                <media:title type="plain"><![CDATA[Windows logo illuminated in warm white lighting against a purple backdrop pictured at the 2024 Mobile World Congress (MWC) event in Barcelona, Spain.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/EbGTn2N3h4AK42zN96ZXjA-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft has taken a second shot at addressing a critical <a href="https://www.itpro.com/infrastructure/servers-and-storage/microsoft-admits-users-received-unexpected-upgrades-to-windows-server-2025-but-the-issue-has-been-fixed">Windows Server</a> vulnerability that a previous update didn't fully fix – and that's now being exploited in the wild.</p><p>The vulnerability, tracked as <a href="https://www.cve.org/CVERecord?id=CVE-2025-59287" target="_blank"><u>CVE-2025-59287</u></a>, affects Windows Server Update Services (WSUS) in Windows Server (2012, 2016, 2019, 2022, and 2025).</p><p>WSUS is a component of the Windows Server operating system that is designed to simplify the management and distribution of Microsoft product updates and patches.</p><p>Instead of each PC handling this individually, WSUS downloads the updates and stores them, and then distributes them to all computers on the network.</p><p>However, the vulnerability allows for insecure deserialization of untrusted data, which security experts have warned lets unauthenticated attackers execute arbitrary code.</p><p>"CVE-2025-59287 is a critical RCE vulnerability in Microsoft Windows Server Update Services (WSUS), caused by unsafe deserialization of AuthorizationCookie data through BinaryFormatter in the EncryptionHelper.DecryptData() method," <a href="https://hawktrace.com/blog/CVE-2025-59287-UNAUTH" target="_blank"><u>said</u></a> Hawktrace.</p><p>"The vulnerability allows an unauthenticated attacker to achieve remote code execution with SYSTEM privileges by sending malicious encrypted <a href="https://www.itpro.com/security/361576/what-are-cookies">cookies</a> to the GetCookie() endpoint."</p><p>Microsoft first issued a fix earlier this month. 
However, since then, security researchers, including Dutch <a href="https://www.itpro.com/security/28133/what-is-cyber-security">cybersecurity</a> firm Eye Security, <a href="https://research.eye.security/wsus-deserialization-exploit-in-the-wild-cve-2025-59287/" target="_blank"><u>said</u></a> they have spotted exploitation of the flaw in the wild. </p><p>"A few days after the public release of the CVE and the blog by HawkTrace, we are now observing active & successful exploitation targeting Windows Server Update Services (WSUS) world-wide, including our customer base," the firm said.</p><p>"Our telemetry shows scanning and exploitation attempts from 207.180.254[.]242, and our scans reveal roughly 2,500 WSUS servers still exposed world-wide, including about 100 in the Netherlands and 250 in Germany."</p><p>Meanwhile, Huntress also <a href="http://www.huntress.com/blog/exploitation-of-windows-server-update-services-remote-code-execution-vulnerability" target="_blank"><u>said</u></a> it has spotted attacks targeting WSUS instances with their default ports (8530/TCP and 8531/TCP) exposed online.</p><p>"We expect exploitation of CVE-2025-59287 to be limited; WSUS is not often exposing ports 8530 and 8531. 
Across our partner base, we have observed ~25 hosts susceptible."</p><h2 id="windows-server-flaw-prompts-cisa-advisory">Windows Server flaw prompts CISA advisory</h2><p>Warnings have been issued by the <a href="https://advisories.ncsc.nl/2025/ncsc-2025-0310.html" target="_blank"><u>Netherlands National Cyber Security Centre</u></a> (NCSC-NL) and the US <a href="https://www.itpro.com/security/what-is-cisa">Cybersecurity and Infrastructure Security Agency (CISA)</a>.</p><p>"CISA strongly urges organizations to implement Microsoft’s updated Windows Server Update Service (WSUS) Remote Code Execution Vulnerability guidance, or risk an unauthenticated actor achieving remote code execution with system privileges," CISA said in an <a href="https://www.cisa.gov/news-events/alerts/2025/10/24/microsoft-releases-out-band-security-update-mitigate-windows-server-update-service-vulnerability-cve" target="_blank"><u>advisory</u></a>.</p><p>Organizations are advised to identify servers that are currently configured to be vulnerable to exploitation – i.e., those with the WSUS Server Role enabled and ports 8530/8531 open – and deal with these first.</p><p>They should apply the out-of-band security update released on 23 October to all servers identified, and then reboot. If they can't apply the update immediately, system administrators should disable the WSUS Server Role and/or block inbound traffic to ports 8530/8531, the default listeners for WSUS, at the host firewall. 
</p><p>"Of note, do not undo either of these workarounds until after your organization has installed the update," CISA said.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft hit with £1 billion lawsuit over claims it’s “punishing UK businesses” for using competitor cloud services ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/cloud-computing/microsoft-hit-with-gbp1-billion-lawsuit-over-claims-its-punishing-uk-businesses-for-using-competitor-cloud-services</link>
                                                                            <description>
                            <![CDATA[ Customers using rival cloud services are paying too much for Windows Server, the complaint alleges ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ATeYZYSYM9cYsMwwLN7RDJ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ZuJetzHeasdfeKBru6ZW4W-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 04 Dec 2024 11:19:22 +0000</pubDate>                                                                                                                                <updated>Wed, 04 Dec 2024 15:58:58 +0000</updated>
                                                                                                                                            <category><![CDATA[Cloud Computing]]></category>
                                                    <category><![CDATA[Cloud]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ZuJetzHeasdfeKBru6ZW4W-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Logo and branding of Windows Server developer Microsoft pictured on a digital billboard in New York City, USA. ]]></media:description>                                                            <media:text><![CDATA[Logo and branding of Windows Server developer Microsoft pictured on a digital billboard in New York City, USA. ]]></media:text>
                                <media:title type="plain"><![CDATA[Logo and branding of Windows Server developer Microsoft pictured on a digital billboard in New York City, USA. ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ZuJetzHeasdfeKBru6ZW4W-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft is facing a £1 billion lawsuit in the UK over claims that it's been overcharging customers for using rival cloud platforms.</p><p>Those using Amazon Web Services (AWS), <a href="https://www.itpro.com/cloud/cloud-computing/google-cloud-platform-review-a-solid-but-expensive-service-for-cloud-infrastructure">Google Cloud Platform</a> (GCP) or Alibaba Cloud rather than <a href="https://www.itpro.com/microsoft-azure/34048/microsoft-azure-review-competitive-cloud-pricing-takes-a-bite-out-of-aws">Microsoft Azure</a>, the lawsuit claims, were charged higher licensing fees for <a href="https://www.itpro.com/infrastructure/servers-and-storage/microsoft-admits-users-received-unexpected-upgrades-to-windows-server-2025-but-the-issue-has-been-fixed">Windows Server</a>.</p><p>Customers licensing Windows Server via AWS, Google Cloud Platform, or Alibaba are subject to the <a href="https://www.itpro.com/640375/microsoft-euro-price-hike-could-see-license-costs-rise-by-33">Services Provider License Agreement (SPLA)</a>. The lawsuit alleges users face differences in price and quality compared with the Microsoft Azure licensing deal.</p><p>The case has been filed in the UK’s Competition Appeal Tribunal by Dr Maria Luisa Stasi, a competition law and digital markets regulation expert, through the disputes resolution law firm Scott+Scott.</p><p>"Put simply, Microsoft is punishing UK businesses and organisations for using Google, Amazon and Alibaba for <a href="https://www.itpro.com/627952/what-is-cloud-computing">cloud computing</a> by forcing them to pay more money for Windows Server," said Stasi. 
</p><p>"By doing so, Microsoft is trying to force customers into using its cloud computing service Azure and restricting competition in the sector.</p><p>"This lawsuit aims to challenge <a href="https://www.itpro.com/cloud/cloud-computing/cispe-unveils-cloud-watchdog-for-microsoft">Microsoft’s anti-competitive behavior</a>, push them to reveal exactly how much businesses in the UK have been illegally penalized, and return the money to organisations that have been unfairly overcharged."</p><p>According to Stasi, many thousands of businesses and organizations in the UK are likely to have been affected by the charges, with small businesses hit particularly hard.</p><p>Microsoft’s cloud computing practices, including those addressed in the claim, are already under investigation in the UK and elsewhere.</p><p>Communications regulator Ofcom, for example, last year <a href="https://www.itpro.com/cloud/cloud-computing/ofcom-calls-for-uk-cloud-antitrust-probe-amid-competition-concerns">referred the company to the Competition and Markets Authority (CMA)</a>, saying it was concerned that "cloud providers are using their strong position in software products to distort competition". A ruling is likely next summer.</p><p>Similarly, earlier this year <a href="https://www.itpro.com/cloud/cloud-computing/microsoft-has-settled-its-european-cloud-complaint-but-rivals-are-calling-it-a-pay-off">Microsoft paid €20 million to CISPE</a> to settle an antitrust complaint about its cloud computing licensing practices, thus avoiding an EU antitrust investigation. 
</p><p>It also promised to make changes to some of its software licensing practices within nine months.</p><p>"Collective actions level the playing field and allow organisations to fight back against anti-competitive behaviour from some of the biggest companies in the world," said James Hain-Cole, partner at Scott+Scott.</p><p>"Dr Stasi’s case against Microsoft aims to do exactly that. We are proud to support her efforts to secure compensation for the class and hold Microsoft to account for its conduct that affects businesses and organisations across the UK economy."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft admits users received unexpected upgrades to Windows Server 2025 ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/infrastructure/servers-and-storage/microsoft-admits-users-received-unexpected-upgrades-to-windows-server-2025-but-the-issue-has-been-fixed</link>
                                                                            <description>
                            <![CDATA[ Admins spotted last week that Windows Server 2022 had suddenly become 2025 ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">fEz2Q9Vfw6tSzFZQEiMgE7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ZuJetzHeasdfeKBru6ZW4W-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 12 Nov 2024 11:03:20 +0000</pubDate>                                                                                                                                <updated>Wed, 13 Nov 2024 11:43:39 +0000</updated>
                                                                                                                                            <category><![CDATA[Servers & Storage]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                                                                                    <dc:creator><![CDATA[ Nicole Kobie ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/8Y8JDDTQ7XDEk49FoAFP2S.png ]]></dc:source>
                                                                <dc:description><![CDATA[ <p>Nicole Kobie first started writing for ITPro in 2007. As a freelance journalist covering technology and business, Nicole's work includes bylines in New Scientist, Wired, PC Pro and many more.</p><p>Nicole is the author of a book about the history of technology, The Long History of the Future.</p> ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ZuJetzHeasdfeKBru6ZW4W-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Logo and branding of Windows Server developer Microsoft pictured on a digital billboard in New York City, USA. ]]></media:description>                                                            <media:text><![CDATA[Logo and branding of Windows Server developer Microsoft pictured on a digital billboard in New York City, USA. ]]></media:text>
                                <media:title type="plain"><![CDATA[Logo and branding of Windows Server developer Microsoft pictured on a digital billboard in New York City, USA. ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ZuJetzHeasdfeKBru6ZW4W-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft has resolved an issue that saw companies running Windows Server 2022 and Server 2019 unexpectedly upgrading to Windows Server 2025 — despite not paying for the upgrade. </p><p><a href="https://www.itpro.com/infrastructure/servers-and-storage/windows-server-2025-is-now-available-but-microsoft-warns-admins-to-watch-out-for-three-major-bugs-including-one-that-causes-the-dreaded-blue-screen-of-death">Windows Server 2025 was released earlier this month</a> with new features including upgrades to security in Active Directory, hotpatching for hybrid and on-prem clouds, and more. However, it also came with a few notable <u>bugs</u>, including one that crashed computers. </p><p>Shortly after the release, users spotted that older versions of Windows Server were suddenly upgrading to Windows Server 2025. </p><p>One employee of a small business in the UK posted on <a href="https://www.reddit.com/r/sysadmin/comments/1gk2qdu/windows_2022_servers_unexpectedly_upgrading_to/" target="_blank"><u>Reddit</u></a> that Windows 2022 Servers had upgraded themselves to the new version, or were about to do so. </p><p>"This obviously came as a shock as we're not at the point to do so for many reasons and the required licensing would not be present," the user wrote. </p><h2 id="unwanted-windows-server-2025-upgrades">Unwanted Windows Server 2025 upgrades</h2><p>Microsoft said in an <a href="https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2025#3404msgdesc"><u>update</u></a> that there were two scenarios in which this happened. The first involved devices automatically upgrading to the new OS. </p><p>"This was observed in environments that use third-party products to manage the update of clients and servers," Microsoft explained. </p><p>The tech giant noted the issue had been mitigated, but also advised users to ensure third-party software designed to manage updates be configured to not automatically deploy them. 
</p><p>Microsoft updated the release under the upgrade classification "optional" — suggesting there was an issue with how the software was classified for admins and third-party software. </p><p>That was backed up in a separate post by a technical manager at security and update software company Heimdal, which noted that the "KB" label appeared to be incorrect. Whether that caused the unexpected updates or not, Microsoft has fixed the "KB" issue. </p><p>"The Windows Server 2025 feature update was made generally available on November 1, 2024, as KB5044284, which was the same KB number used for Windows 11, version 24H2," Microsoft said in its update. </p><p>"This was the KB numbering for both these client and server Windows updates available at that time. 
Future updates released for Windows Server 2025 and Windows 11, version 24H2 will share the same KB numbers, but will have different release note sites and links."</p><p>Regardless of whether third-party management software is to blame or Microsoft itself, plenty of admins had a tough week. </p><p>"It's not been a great week at work, too much time lost on this, and the outcome is that in some instances backups have come into play however Windows Server 2025 licensing will have to be purchased for others," the small business employee noted in their <a href="https://www.reddit.com/r/sysadmin/comments/1gk2qdu/windows_2022_servers_unexpectedly_upgrading_to/"><u>post</u></a>. </p><p>The second unexpected upgrade scenario involved a banner displayed on the device's Windows Update page in Settings, offering an upgrade to the new OS. </p><p>"This message is intended for organizations that want to execute an in-place upgrade," the company said, adding that the issue had since been resolved. </p><h2 id="recurring-issues">Recurring issues</h2><p>Microsoft quickly spotted three bugs in Server 2025 - one that meant English text was shown during installation, even if it wasn't the default language, and a second that limited the OS from running on devices with a high core count, sparking crashes, blue screens and long restarts. </p><p>Similarly, a third error popped up saying "boot device inaccessible" in iSCSI environments. </p><p>Microsoft has acknowledged all three issues, <a href="https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2025"><u>saying</u></a> it is working on a resolution for each, and promising a solution in a future Windows monthly update for the core count and iSCSI bugs, and merely more information for the English text issue. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Windows Server 2025 is now available – but Microsoft warns admins to watch out for three major bugs, including one that causes the dreaded blue screen of death ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/infrastructure/servers-and-storage/windows-server-2025-is-now-available-but-microsoft-warns-admins-to-watch-out-for-three-major-bugs-including-one-that-causes-the-dreaded-blue-screen-of-death</link>
                                                                            <description>
                            <![CDATA[ Microsoft promises security, performance, and cloud agility upgrades for Windows Server 2025 — but bugs ruin the party ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">2wPjxMYkbdHyePy7YhJFWc</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/kYqf4bFZn2deGUnjasVn8Y-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 05 Nov 2024 15:28:35 +0000</pubDate>                                                                                                                                <updated>Tue, 05 Nov 2024 15:29:37 +0000</updated>
                                                                                                                                            <category><![CDATA[Servers & Storage]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                                                                                    <dc:creator><![CDATA[ Nicole Kobie ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/8Y8JDDTQ7XDEk49FoAFP2S.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Nicole Kobie first started writing for ITPro in 2007. As a freelance journalist covering technology and business, Nicole&#039;s work includes bylines in New Scientist, Wired, PC Pro and many more. &lt;/p&gt;&lt;p&gt;Nicole is the author of a book about the history of technology, The Long History of the Future.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/kYqf4bFZn2deGUnjasVn8Y-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft logo and branding pictured on illuminated signage in New York, US, on Friday, Oct. 25, 2024]]></media:description>                                                            <media:text><![CDATA[Microsoft logo and branding pictured on illuminated signage in New York, US, on Friday, Oct. 25, 2024]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft logo and branding pictured on illuminated signage in New York, US, on Friday, Oct. 25, 2024]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/kYqf4bFZn2deGUnjasVn8Y-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft has released the latest version of its server operating system, Windows Server 2025 — but it comes alongside a trio of bugs. </p><p>Windows Server 2025 is Microsoft's latest version of its server OS, following on from Windows Server 2022. The new version is arriving alongside System Center 2025, which Microsoft <a href="https://www.microsoft.com/en-us/windows-server/blog/2024/11/04/windows-server-2025-now-generally-available-with-advanced-security-improved-performance-and-cloud-agility/" target="_blank"><u>said</u></a> means it's possible to "make the most" of new features immediately. </p><p>The tech giant promises better security, performance, and "cloud agility" with the latest version, but warned admins to be wary of three bugs during the installation process, including one that causes blue screen errors in systems with a high core count. </p><p>"Generally available today, Windows Server 2025 builds on our mission to deliver a secure and high-performance Windows Server platform tailored to meet customers’ diverse needs," wrote Ian LeGrow, corporate vice president for <a href="https://www.itpro.com/microsoft-azure/34048/microsoft-azure-review-competitive-cloud-pricing-takes-a-bite-out-of-aws">Azure</a> Edge and Platform, in a <a href="https://www.microsoft.com/en-us/windows-server/blog/2024/11/04/windows-server-2025-now-generally-available-with-advanced-security-improved-performance-and-cloud-agility/" target="_blank"><u>blog post</u></a>. 
</p><p>"This release will enable you to deploy apps in any environment, whether on-premises, hybrid environments, or in the cloud."</p><h2 id="key-features-in-windows-server-2025">Key features in Windows Server 2025</h2><p>On the security front, Microsoft has beefed up security in <a href="https://www.itpro.com/cloud/microsoft-azure/358248/microsoft-will-soon-offer-9999-uptime-for-azure-active-directory">Active Directory</a>, including new cryptographic support, and added new techniques for preventing a range of attacks against server message block (SMB), including hardened <a href="https://www.itpro.com/cloud/cloud-security/what-is-firewall-as-a-service-fwaas">firewall</a> defaults and protections against brute force, spoofing, and <a href="https://www.itpro.com/119212/man-in-the-middle-attacks-on-the-rise">man in the middle attacks</a>. </p><p>For cloud users, Microsoft highlighted a few notable features, such as hotpatching for hybrid and <a href="https://www.itpro.com/cloud/cloud-computing/aws-says-enterprises-are-moving-back-on-prem-but-does-cloud-repatriation-really-threaten-hyperscalers">on-prem clouds</a>, though this will require an additional subscription fee. </p><p>"Customers operating fully in the cloud have inherent modern security advantages like automatic software updates and back-up and recovery," LeGrow wrote. </p><p>"Now we’re bringing some of those capabilities to Windows Server 2025 for on-premises customers with a new hotpatching subscription service, enabled by Azure Arc. With hotpatching, customers will experience fewer reboots and minimal disruption to operations."</p><p>Alongside that, Microsoft has integrated Azure Arc for easier onboarding and operational flexibility, unified network policy management, and software-defined network multisite features for easier migration and management. </p><p>Microsoft of course can't fail to mention AI. 
LeGrow said Windows Server 2025 was designed for demanding workloads including AI and machine learning. </p><p>"Windows Server 2025 delivers up to 60% more storage IOPs performance compared to Windows Server 2022 on identical systems," he said. "Windows Server 2025 introduces massive performance and scalability improvements that come from Azure."</p><p>Alongside the new features, Microsoft is also killing off a few. That includes WordPad, Windows PowerShell 2.0 engine, and the SMTP service. </p><h2 id="watch-out-for-the-bugs">Watch out for the bugs</h2><p>Microsoft has <a href="https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2025"><u>warned about three particular issues</u></a> that may crop up during installation. The tech giant confirmed it is working on addressing all three bugs, which have varying levels of seriousness. </p><p>The <a href="https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2025#some-text-might-appear-in-english-during-the-installation-process" target="_blank"><u>first bug</u></a> might show English text during installation, regardless of the language selected. As Microsoft points out, that won't affect English-language users, but "will be noticeable if a language other than English is selected for installation." </p><p>However, this error only happens if using a CD or USB drive to install Windows Server 2025.</p><p>The <a href="https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2025#windows-server-2025-might-not-run-as-expected-on-devices-with-high-core-count" target="_blank"><u>second</u></a> means Windows Server 2025 might not run properly on devices with a high core count. Microsoft said it appears to be happening on servers with more than 256 cores, and is causing the installation or upgrade to fail or stop, long restarts of three hours or more, and a blue screen error. 
</p><p>The issue doesn't seem to happen on all systems with high core counts, but if it does, limit the number of cores to below 256 for installation. </p><p>Finally, the <a href="https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2025#error--boot-device-inaccessible--might-appear-in-iscsi-environments" target="_blank"><u>third</u></a> issue is that an error saying "boot device inaccessible" may be displayed in iSCSI environments during startup after installation of Windows Server 2025. </p><h2 id="key-details">Key details</h2><p>Windows Server 2025 is available immediately, alongside System Center 2025. As a long-term release, it will have extended support until 2034, and mainstream support until 2029. </p><p>It is possible to upgrade directly to Windows Server 2025 from as far back as Windows Server 2012 R2. Windows Server 2022 will be supported until October 2026. </p><p>Windows Server 2025 will work with most 64-bit processors, and Microsoft has released a <a href="https://learn.microsoft.com/en-us/windows-hardware/design/minimum/windows-processor-requirements#windows-server-processors"><u>full list of certified processors</u></a>. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft issues emergency fixes for wide-reaching Kerberos issues ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/software/369550/microsoft-patches-kerberos-issues-in-emergency-update</link>
                                                                            <description>
                            <![CDATA[ The tech giant released updates for domain controllers after swathes of IT teams reported authentication issues within their organisations ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qKDrLa5MiShirA9RZniJGd</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/LJdoKqfuA7B8dZaTaii8pF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 21 Nov 2022 15:00:19 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Microsoft]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Zach Marzouk ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/ncLkbsDMZ6b76Lc5iS6mZh.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/LJdoKqfuA7B8dZaTaii8pF-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Microsoft logo as seen in large print fixed onto a glass building]]></media:description>                                                            <media:text><![CDATA[The Microsoft logo as seen in large print fixed onto a glass building]]></media:text>
                                <media:title type="plain"><![CDATA[The Microsoft logo as seen in large print fixed onto a glass building]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/LJdoKqfuA7B8dZaTaii8pF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft has released emergency out-of-band (OOB) updates to fix Kerberos authentication issues that were affecting a large proportion of enterprise users.</p><p>The tech giant released the <a href="https://www.itpro.com/operating-systems/microsoft-windows/369111/windows-11-update-2022" target="_blank" data-original-url="https://www.itpro.com/operating-systems/microsoft-windows/369111/windows-11-update-2022">updates</a> on 17 and 18 November for all domain controllers (DCs) in affected environments. Microsoft aimed to fix an issue which could cause sign-in failures in Kerberos, Microsoft's longstanding default authentication protocol.</p><p>System administrators' complaints began last week when many reported various processes breaking within their organisation. Faults in Kerberos can lead to issues relating to user sign-ins, Internet Information Services (IIS Web Server), remote desktop connections, and accessing shared folders, among others.</p>
<p>“You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue,” said Microsoft. “If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them.”</p><p>Users can access the updates by searching for the Microsoft knowledge base (KB) number in the Microsoft Update Catalog. Alternatively, the updates can be imported manually into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager for those organisations that use the tools to manage their IT estate.</p><p>There are cumulative updates available:</p><ul><li><a href="https://www.itpro.com/software/operating-systems/368298/windows-10-vs-windows-11-which-is-best-for-business" target="_blank" data-original-url="https://www.itpro.com/software/operating-systems/368298/windows-10-vs-windows-11-which-is-best-for-business">Windows</a> Server 2022: KB5021656</li><li>Windows Server 2019: KB5021655</li><li>Windows Server 2016: KB5021654</li></ul><p>Users don’t need to apply any previous updates before installing these ones. Microsoft said that users don’t have to uninstall the affected updates before installing any later updates either.</p><p>There are also standalone updates available:</p><ul><li>Windows Server 2012 R2: KB5021653</li><li>Windows Server 2012: KB5021652</li><li>Windows Server 2008 R2 SP1: KB5021651 (released November 18, 2022)</li><li>Windows Server 2008 SP2: KB5021657</li></ul><p>Users that are deploying security-only updates for these Windows Server versions only have to install the standalone updates for November 2022. 
They will also need to install previous <a href="https://www.itpro.com/security/cyber-security/368543/six-cyber-security-holes-you-need-to-plug-now" target="_blank" data-original-url="https://www.itpro.com/security/cyber-security/368543/six-cyber-security-holes-you-need-to-plug-now">security</a> updates to be fully up-to-date since these aren’t cumulative. </p><h2 id="what-were-the-issues-affecting-kerberos">What were the issues affecting Kerberos?</h2><p>Microsoft was forced to introduce an emergency update to fix problems introduced by a number of updates it implemented on 8 November.</p><p>The tech giant said that users could encounter a number of issues with Kerberos authentication. This could affect domain user sign-in, group managed service accounts (gMSA), and <a href="https://www.itpro.com/mobile/remote-access/368050/best-free-remote-desktop-software" target="_blank" data-original-url="https://www.itpro.com/mobile/remote-access/368050/best-free-remote-desktop-software-in-2022">remote desktop</a> connections.</p>
<p>Additionally, users might have been unable to access shared folders on workstations and file shares on servers, as well as printing that needed domain user authentication.</p><p>When encountering the issue, Microsoft said that admins might receive a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event in the event log system section on a DC, displaying the text: <em>'While processing an AS request for target service {service}, the account {account name} did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes : 18 3. The accounts available etypes : 23 18 17. Changing or resetting the password of {account name} will generate a proper key'.</em></p><p>The tech giant said that the issue isn’t part of a security hardening for Netlogon and Kerberos which began with the November security update. Devices used at home by consumers, or those that aren’t linked to an on-premise domain, won’t be affected by the problem.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Windows Server admins say latest Patch Tuesday broke authentication policies ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/infrastructure/server-storage/367663/windows-admin-patch-tuesday-authentication-bug</link>
                                                                            <description>
                            <![CDATA[ Microsoft has issued a workaround for the certificate-mapping issue, but many have already rolled back the updates to avoid operational disruption ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">fFfwsQ8LEu5Q2J4h1SLGdu</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/gwU5VkfGCv8aiJ5HPYVvcU-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 12 May 2022 11:50:56 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/gwU5VkfGCv8aiJ5HPYVvcU-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Image of a server rack with lens flare on the corner of the image]]></media:description>                                                            <media:text><![CDATA[Image of a server rack with lens flare on the corner of the image]]></media:text>
                                <media:title type="plain"><![CDATA[Image of a server rack with lens flare on the corner of the image]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/gwU5VkfGCv8aiJ5HPYVvcU-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>IT administrators are reporting authentication issues after installing the most recent May 2022 Patch Tuesday security updates, released this week.</p><p>Online discussions suggest that a number of businesses are experiencing issues, specifically those that installed the updates on Windows Servers that also serve the domain controller (DC) and Active Directory Certificate Services (ACDS) roles.</p><p>According to some admins, Network Policy Server (NPS) policies were reported to be failing, returning an error which read that ‘authentication failed due to a user credential mismatch. Either the user name provided does not map to an existing account or the password was incorrect’.</p><p>Others said their Windows Server, which was serving only the DC role, not the ACDS role too, experienced the same issues with failing NPS policies. 
Removing the KB5013941 update reportedly fixed the issue.</p><p>One individual reported that in their environment they run separate servers for DC and NPS, and came to the conclusion that the NPS servers may be patchable, but DC servers may need to have the update rolled back, after testing the updates on each.</p><p>“FYI we're aware of the NPS issue,” <a href="https://twitter.com/SteveSyfuhs/status/1524570912275587072">said</a> Steve Syfuhs, senior software engineer focusing on cryptography, authentication, and identity at Microsoft. “It's not related to NPS specifically but rather with how we're distinguishing between different kinds of names in the certificates. Only a subset of folks are affected by this.”</p><p>Syfuhs addressed users in a separate Twitter discussion and confirmed that Microsoft is looking into the issues that are being reported by numerous IT admins.</p><p>“After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP),” Microsoft said in an <a href="https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#you-might-see-authentication-failures-on-the-server-or-client-for-services">issues document</a>. 
“An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller.”</p><p>The issues currently experienced by Windows Server administrators are due to the way in which Microsoft fixed two ‘high severity’ privilege escalation vulnerabilities, tracked as <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-26931">CVE-2022-26931</a> and <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-26923">CVE-2022-26923</a>, in <a href="https://www.itpro.com/security/367641/actively-exploited-windows-vulnerability-reaches-peak-severity" data-original-url="https://www.itpro.com/security/367641/actively-exploited-windows-vulnerability-reaches-peak-severity">Tuesday's round of monthly security fixes</a>.</p><p>Online discussions in the early hours after the <a href="https://www.itpro.com/operating-systems/microsoft-windows/367333/windows-autopatch-automated-updates" data-original-url="https://www.itpro.com/operating-systems/microsoft-windows/367333/windows-autopatch-automated-updates">security patches</a> were released appeared to show users were able to apply the updates without issues, only for Windows Server issues to emerge later.</p>
<p>Earlier this year, many Windows Server administrators collectively agreed to <a href="https://www.itpro.com/server-storage/microsoft-windows-server/362009/windows-server-admins-agree-to-forgo-broken-patches" data-original-url="https://www.itpro.com/server-storage/microsoft-windows-server/362009/windows-server-admins-agree-to-forgo-broken-patches">forgo the security patches</a> issued by Microsoft, citing numerous issues that led to operational disruption so severe that they thought they were better off going without the security patches than updating and applying workarounds.</p><p>Microsoft has issued a recommended mitigation for admins who want a workaround to the issue with the certificates but do not want to roll back the latest update as others already have done, leaving themselves unprotected.</p><p>The workaround involves manually mapping certificates to a machine account in Active Directory, Microsoft said. If the recommended mitigation does not work, admins are encouraged to examine the related <a href="https://support.microsoft.com/en-gb/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_certmap">support document</a> for other potential methods to resolve the issues they are experiencing.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Windows Server admins agree to forgo broken patches ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/server-storage/microsoft-windows-server/362009/windows-server-admins-agree-to-forgo-broken-patches</link>
                                                                            <description>
                            <![CDATA[ Many administrators have agreed to wait until February's round of patches to avoid operational disruption caused by broken fixes ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">c8sYP5unDHuwZBVNNHjtHj</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/p6u7QoM8iRqshJDtfNp33e-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 19 Jan 2022 10:45:34 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/p6u7QoM8iRqshJDtfNp33e-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Image of a server rack]]></media:description>                                                            <media:text><![CDATA[Image of a server rack]]></media:text>
                                <media:title type="plain"><![CDATA[Image of a server rack]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/p6u7QoM8iRqshJDtfNp33e-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft has released an emergency out-of-band (OOB) update to address an array of issues found in last week's Windows Server patch, but IT administrators are in agreement that they will not apply it.</p><p>Last week's <a href="https://www.itpro.com/security/cyber-security/361956/microsoft-january-patch-tuesday-critical-rce-flaws" data-original-url="https://www.itpro.com/security/cyber-security/361956/microsoft-january-patch-tuesday-critical-rce-flaws">Patch Tuesday</a> fixed a host of issues across Microsoft products, including a number of <a href="https://www.itpro.com/security/zero-day-exploit/360447/why-zero-day-exploits-are-surging-on-an-unprecedented-scale" data-original-url="https://www.itpro.com/security/zero-day-exploit/360447/why-zero-day-exploits-are-surging-on-an-unprecedented-scale">zero-day vulnerabilities</a>, but Windows Server administrators have complained that some of the patches released have created even more problems.</p><p>Because of the issues introduced by the most recent cumulative patches, IT administrators discussing the issues on <a href="https://www.reddit.com/r/sysadmin/comments/s6vllw/microsoft_releases_emergency_fixes_for_windows">Reddit</a> are mostly in agreement that <a href="https://www.itpro.com/security/27713/the-importance-and-benefits-of-effective-patch-management" data-original-url="https://www.itpro.com/security/27713/the-importance-and-benefits-of-effective-patch-management">forgoing the patches</a> and waiting for the next cumulative update in February is the best course of action to minimise operational disruption and complexity.</p><p>The patches issued last week have been breaking a number of key components in business environments and the solution many administrators have turned to is to uninstall the updates entirely. </p><h3 class="article-body__section" id="section-four-main-flaws"><span>Four main flaws</span></h3><p>The <a href="http://docs.microsoft.com/en-us/windows/release-health/windows-message-center#2777">latest out-of-band update</a> from Microsoft issued this week aims to address the issues faced by businesses running Windows Servers but in some cases, it first requires administrators to install the broken patch from last week.</p><p>The issues businesses are currently facing include <a href="https://docs.microsoft.com/en-us/windows/release-health/status-windows-server-2022#2775msgdesc">domain controllers unexpectedly restarting</a> and entering boot loops every few minutes. The issue is thought to affect all supported Windows Server versions and the failure in the LSASS.exe process means Windows cannot run correctly.</p><p>Microsoft Hyper-V is also affected by the patches, with enterprise virtual machines (VMs) <a href="https://docs.microsoft.com/en-us/windows/release-health/status-windows-8.1-and-windows-server-2012-r2#2776msgdesc">failing to start on some Windows Servers</a>. 
In addition, ReFS-formatted removable media is <a href="https://support.microsoft.com/en-gb/topic/kb5010691-refs-formatted-removable-media-may-fail-to-mount-or-mounts-as-raw-after-installing-the-january-11-2022-windows-updates-7a959f37-91b6-4baf-a797-829b0ee86c65">failing to mount post-patch</a>, which has caused issues for administrators thinking their external drives were corrupted. Numerous reports of experts formatting their drives after applying last week's patches, only to realise it was in vain, have appeared on social media, too. </p><p>To cap off a bug-laden release of patches, some <a href="https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#2773msgdesc">L2TP VPN connections are also failing</a> across <a href="https://www.itpro.com/operating-systems/microsoft-windows/361465/windows-11-problems-and-how-to-fix-them" data-original-url="https://www.itpro.com/operating-systems/microsoft-windows/361465/windows-11-problems-and-how-to-fix-them">Windows 11</a>, <a href="https://www.itpro.com/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them" data-original-url="https://www.itpro.com/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them">Windows 10</a>, and certain Windows Server versions. </p><p>Microsoft has issued fixes for all of the aforementioned issues and, aside from the ReFS-formatted media issues, they are cumulative updates, which means they do not require administrators to install the broken patch from last week first. 
</p><p>The updates are available in the <a href="https://www.catalog.update.microsoft.com">Microsoft Update Catalogue</a> which also has instructions on how to install the updates manually into Windows Server Update Service (WSUS).</p><h3 class="article-body__section" id="section-a-risky-response"><span>A risky response?</span></h3><p>Despite most of the updates being cumulative, IT admins are seemingly still in agreement that they will be waiting until February, or until a fully safe wave of patches arrives, to fix the Windows Server issues.</p><p>One user said: "I'll be waiting on the cumulative... I'm not reinstalling a broken patch I just removed from a bunch of servers to then have to immediately apply a fix to said patch."</p><p>Another user said installing the out-of-band update made matters worse: "[We] received the bad updates this morning, and Exchange wouldn't see the Active Directory (AD) environment anymore. I saw the optional OOB update and installed that - [it] actually made the problem worse. I removed all of the updates and AD was back to being seen and Exchange was finally working."</p><p>Weighing in on the matter, outside experts have said the idea of forgoing updates is one that shouldn't be taken lightly and the risks of leaving environments open to known vulnerabilities need to be considered on balance with the potential disruption the updates themselves could cause an organisation.</p><p>"This is very much a question of risk management and risk assessment," said Andy Norton, European cyber risk officer at Armis to <em>IT Pro.</em> "Clearly the risk from installing the patch is one of disruption to the organisation. 
If you balance that with the risk from a cyber attack stemming from the issues that are not addressed by failing to patch, you then have both sides of the equation and are able to make a decision. </p><p>"There were six zero-day flaws addressed in the January patch, however, none of these zero-days are actively being exploited currently, and so it may appear that the consensus is to delay the patching process as it is riskier than being exposed to the zero days."</p><p>Alan Calder, CEO at GRC International Group, added: "If it were my business, and a sysadmin said they thought it might be ok to continue with critical vulnerabilities unpatched until Patch Tuesday in February, we would have had a very blunt conversation about taking cyber security seriously."</p><p>In a statement given to IT Pro, Microsoft said: "We recommend customers install updates released on January 
17."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/cyber-security/361956/microsoft-january-patch-tuesday-critical-rce-flaws</link>
                                                                            <description>
                            <![CDATA[ Microsoft has kicked off 2022 with a score of security fixes for critical-rated vulnerabilities in some of the most widely used products used by businesses around the world ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">kk7sSkTNNHmByFzE68nY72</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/xQfg5Vc7YXULHE5hc4CvHi-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 12 Jan 2022 10:53:55 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Microsoft Office]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                    <category><![CDATA[Microsoft]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/xQfg5Vc7YXULHE5hc4CvHi-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Win 11 on a smartphone in front of code on a monitor]]></media:description>                                                            <media:text><![CDATA[Win 11 on a smartphone in front of code on a monitor]]></media:text>
                                <media:title type="plain"><![CDATA[Win 11 on a smartphone in front of code on a monitor]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/xQfg5Vc7YXULHE5hc4CvHi-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft has fixed a total of 98 security vulnerabilities as part of its January 2022 Patch Tuesday update released this week, including 29 remote code execution (RCE) flaws and six zero-days.</p><p>Of the 98 total vulnerabilities, nine were rated 'critical' - having a CVSS score of nine or greater. Among the most severe security issues patched by Microsoft were a pair of RCEs both with scores of 9.8/10 affecting Windows Servers and systems with internet key exchange (IKE).</p><p>The flaw affecting Windows servers that are configured as a webserver, tracked as <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907">CVE-2022-21907</a>, allows unauthenticated cyber attackers to send specially crafted packets to targeted servers utilising the HTTP Protocol Stack. 
Microsoft also said the issue is <a href="https://www.itpro.com/network-internet/32608/what-was-the-morris-worm" data-original-url="https://www.itpro.com/network-internet/32608/what-was-the-morris-worm">wormable</a> and recommends <a href="https://www.itpro.com/security/27713/the-importance-and-benefits-of-effective-patch-management" data-original-url="https://www.itpro.com/security/27713/the-importance-and-benefits-of-effective-patch-management">patching</a> all affected servers as a priority task.</p><p>Another of the more serious flaws Microsoft patched this week was one found affecting internet key exchange (IKE), though Microsoft has been tight-lipped on the full details of the problem.</p><p>"CVE-2022-21907 is a particularly dangerous CVE because of its ability to allow for an attacker to affect an entire intranet once the attack succeeds," said Danny Kim, principal architect at Virsec, to <em>IT Pro</em>. </p><p>"Although Microsoft has provided an official patch, this CVE is another reminder that software features allow opportunities for attackers to misuse functionalities for malicious acts," he added. 
"Instead of trying to continuously patch and identify these vulnerabilities, enterprises should look for a real-time monitoring solution to safeguard applications and their functionalities from these types of attacks."</p><p>The RCE vulnerability, tracked as <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21849">CVE-2022-21849</a>, can be exploited with 'low complexity', according to Microsoft's patch notes, and allows unauthenticated attackers to trigger multiple vulnerabilities when the IPSec service is running on Windows.</p><p>Microsoft Exchange Server also received five separate fixes for one critical-rated RCE vulnerability, tracked as <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21846">CVE-2022-21846</a>, rated 9.0/10, with an 'adjacent' attack vector which means the attack is limited at the protocol level. This particular flaw was first flagged to Microsoft by the National Security Agency (NSA), which has raised attention to other Microsoft Exchange security issues throughout 2021.</p><p>In order to achieve exploitation, cyber attackers would have to first gain a foothold in a victim's environment, such as being on the same shared physical network, like <a href="https://www.itpro.com/security/359664/new-bluetooth-vulnerability-enables-hackers-to-mimic-genuine-devices" target="_blank" data-original-url="https://www.itpro.com/security/359664/new-bluetooth-vulnerability-enables-hackers-to-mimic-genuine-devices">Bluetooth</a> or IEEE 802.11. This type of flaw is common with man-in-the-middle setups, Microsoft said.</p><p>Numerous flaws affecting the Microsoft Office suite were also patched by Microsoft but perhaps the most serious one, tracked as <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840">CVE-2022-21840</a>, addressed 26 individual critical-rated flaws in one vulnerability. 
It has a CVSS score of 8.8/10 and attackers could achieve remote code execution on a victim's machine if they opened a specially crafted file.</p><p>The flaw is thought to be slightly less likely to be exploited given that some user interaction is required (opening the file), but Microsoft still categorised it as a 'low complexity' exploit, meaning cyber attackers can expect repeatable success against the vulnerable component.</p><p>Microsoft has issued updates for Windows machines, all of which are advised to be installed, but certain Mac users will have to wait for patches as they are not immediately available.</p><p>A full list of the now-patched security issues has been <a href="https://msrc.microsoft.com/update-guide/vulnerability">published by Microsoft</a> with RCE flaws affecting products including Windows Server, Microsoft Exchange Server, SharePoint Server, the Microsoft Office suite, DirectX, Windows Remote Desktop Protocol, Windows Resilient File System, and other areas.</p><p>"This massive Patch Tuesday comes during a time of chaos in the security industry whereby professionals are working overtime to remediate Log4Shell – reportedly the worst vulnerability seen in decades," said Bharat Jogi, director, vulnerability and threat research at Qualys to <em>IT Pro</em>. "Unpredictable events such as Log4Shell add significant stress to the security professionals dealing with such outbreaks – and bring to the forefront the importance of having an automated inventory of everything that is used by an organisation in their environment. 
</p><p>"It is the need of the hour to automate deployment of patches for events with defined schedules, such as Microsoft's Patch Tuesday, so security professionals can focus energy to respond efficiently to unpredictable events that pose dastardly risk to an organisation’s crown jewels."</p><h3 class="article-body__section" id="section-six-zero-day-vulnerabilities"><span>Six zero-day vulnerabilities</span></h3><p>In addition to the array of security vulnerabilities affecting Microsoft products, six <a href="https://www.itpro.com/security/zero-day-exploit/360447/why-zero-day-exploits-are-surging-on-an-unprecedented-scale" data-original-url="https://www.itpro.com/security/zero-day-exploit/360447/why-zero-day-exploits-are-surging-on-an-unprecedented-scale">zero-days</a> are also now patched, though no evidence suggests any of them were actively exploited.</p><ul><li><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21919">CVE-2022-21919</a> - Windows User Profile Service Elevation of Privilege Vulnerability</li><li><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21836">CVE-2022-21836</a> - Windows Certificate Spoofing Vulnerability</li><li><a href="https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21839">CVE-2022-21839</a> - Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability</li><li><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21874">CVE-2022-21874</a> - Windows Security Center API Remote Code Execution Vulnerability</li><li><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-22947">CVE-2021-22947</a> - Open Source Curl Remote Code Execution Vulnerability</li><li><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36976">CVE-2021-36976</a> - Libarchive Remote Code Execution Vulnerability</li></ul><p>None of the above zero-days were actively exploited, but proof of concept (PoC) code is publicly available, so businesses should still patch these as a matter of priority before exploitation attempts do start occurring.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft issues out-of-band patch for Windows Server sign-in bug ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/server-storage/microsoft-windows-server/361918/patch-issued-for-windows-server-sign-in-bug</link>
                                                                            <description>
                            <![CDATA[ The fix for the flaw, which causes a slowdown in the user verification process, needs to be installed manually by IT admins ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uqB1agzEtZHFMo9RRAiXJ1</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/WCgJoHLYwD3rMoqZWYNaER-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 06 Jan 2022 14:53:30 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Danny Bradbury ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/WCgJoHLYwD3rMoqZWYNaER-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft logo suspended above a conference floor]]></media:description>                                                            <media:text><![CDATA[Microsoft logo suspended above a conference floor]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft logo suspended above a conference floor]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/WCgJoHLYwD3rMoqZWYNaER-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/software/microsoft" data-original-url="https://www.itpro.com/search/microsoft">Microsoft</a> has issued an out-of-band patch for Windows Server to fix a problem that could potentially stop remote desktop users logging into the system.</p><p>The flaw causes performance issues with Windows Server, which would result either in a slow sign-in process, general slowness, or at worst a black screen, Microsoft said.</p><p>Windows Server 2019 is at risk, and Microsoft has <a href="https://support.microsoft.com/en-us/topic/january-4-2022-kb5010196-os-build-17763-2369-out-of-band-1a7a9a37-b154-4e73-92dc-1a2f65a4c0d1">published KB5010196</a> to address this edition. 
The bug also affects Windows Server 2012 Release 2, which the company has addressed with <a href="https://support.microsoft.com/en-us/topic/kb5010215-windows-server-2012-r2-stops-responding-after-installing-the-december-14-2021-update-b7c5219f-d865-489f-a02a-6652095439b5">KB5010215</a>.</p><p>Also affected are Windows Server 2022 and 2016, which the company said it would address in the coming days.</p><p>The bug stemmed from the KB5008218 update that Microsoft released during a regular Patch Tuesday update on December 14. This update introduced some security changes for Windows.</p><p>The out-of-band updates will not install automatically as part of the Windows Update service, meaning that administrators must install them manually by importing them into the Windows Server Update Service (WSUS). They can get the Windows Server 2019 patch by visiting the <a href="https://www.catalog.update.microsoft.com/Search.aspx?q=KB5010196">Microsoft Update Catalog website</a>. Windows Server 2012 Release 2 users can go <a href="https://www.catalog.update.microsoft.com/Search.aspx?q=KB5010215">here</a>.</p><p>The latest updates are cumulative, and the Windows Server 2019 update inherits three other less urgent Windows issues identified by Microsoft. This includes errors for devices using Asian language packs, and a temporary problem starting the Windows Cluster Service that disappears when rebooting after approximately 20 minutes. There is also an issue with versions of Windows Server used as Key Management Services hosts that might prevent some client <a href="https://www.itpro.com/tag/windows-10" data-original-url="https://www.itpro.com/search/windows%2010">Windows 10</a> operating systems from activating. The company will fix these in future releases, it said.</p><p>Out-of-band patches for Windows Server are rare. Microsoft issued one in November last year, addressing a bug in Windows Server when used as a domain controller. The flaw prevented servers from authenticating legitimate users who tried to access resources using a <a href="https://www.itpro.com/security/single-sign-on-sso/361728/what-is-single-sign-on-sso" data-original-url="https://www.itpro.com/security/single-sign-on-sso/361728/what-is-single-sign-on-sso">single sign-on token</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft launches Secured-core servers to combat ransomware ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/cyber-security/361781/microsoft-launches-secured-core-servers-to-combat-ransomware</link>
                                                                            <description>
                            <![CDATA[ Previously debuting on Windows PCs in 2019, the Secured-core initiative has reached servers in a bid to better protect infrastructure from cyber attacks like ransomware ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">kkpzc1x55TdYACowsppr4H</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/XLcEZFcsmNMbZFDZvM5wuG-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 08 Dec 2021 11:45:05 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Ransomware]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/XLcEZFcsmNMbZFDZvM5wuG-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Rendering of a server rack, with blue light coming from the units ]]></media:description>                                                            <media:text><![CDATA[Rendering of a server rack, with blue light coming from the units ]]></media:text>
                                <media:title type="plain"><![CDATA[Rendering of a server rack, with blue light coming from the units ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/XLcEZFcsmNMbZFDZvM5wuG-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft has expanded its Secured-core PC initiative to its server products in a bid to combat ransomware attacks on infrastructure.</p><p>Secured-core will now be expanded to reach Windows Server, Microsoft Azure Stack HCI, and Azure-certified <a href="https://www.itpro.com/cloud-computing/28037/what-is-iot" data-original-url="https://www.itpro.com/cloud-computing/28037/what-is-iot">IoT</a> devices.</p><p>Businesses can search for Secured-core servers in the Azure Stack HCI and Windows Server online catalogues. 
There are currently four all-HPE products that run Azure Stack HCI and 42 options from a variety of vendors that meet the Windows Server spec.</p><p>All servers come “fully equipped with industry-leading security mitigations built into the hardware, firmware, and the operating system to help thwart some of the most advanced attack vectors,” Microsoft said.</p><p>Secured-core servers are built around three distinct security pillars:</p><ol><li>To protect the server infrastructure with a hardware-based root of trust</li><li>To defend sensitive workloads against firmware-level attacks</li><li>To prevent access and the execution of unverified code on the systems</li></ol><p>“Partnering with leading original equipment manufacturers (OEMs) and silicon vendors, Secured-core servers use industry-standard hardware-based root of trust coupled with security capabilities built into today’s modern central processing units (CPUs),” said Microsoft in a <a href="https://www.microsoft.com/security/blog/2021/12/07/new-secured-core-servers-are-now-available-from-the-microsoft-ecosystem-to-help-secure-your-infrastructure">blog post</a>. </p><p>“Secured-core servers use the Trusted Platform Module 2.0 and Secure boot to ensure that only trusted components load in the boot path.”</p><p>It’s thought the new hardware will help tackle specific parts of ransomware attacks and help detect intrusions earlier, with the hope that attacks can be mitigated before any real damage is done.</p><p>Microsoft used a typical REvil ransomware kill chain as an example. REvil was one of the most prolific ransomware gangs of 2021 before it <a href="https://www.itpro.com/security/ransomware/361480/three-revil-ransomware-gang-members-arrested-following-international" data-original-url="https://www.itpro.com/security/ransomware/361480/three-revil-ransomware-gang-members-arrested-following-international">shuttered following a string of arrests of alleged REvil associates</a>. 
 </p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="HKtJS9JFTKEeoEuXekCRcJ" name="" alt="A flowchart describing the kill chain used by REvil to attack Kaseya" src="https://cdn.mos.cms.futurecdn.net/HKtJS9JFTKEeoEuXekCRcJ.jpg" mos="https://cdn.mos.cms.futurecdn.net/HKtJS9JFTKEeoEuXekCRcJ.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="credit" itemprop="copyrightHolder">(Image credit: Microsoft)</span></figcaption></figure><p>Using the kill chain used by REvil on <a href="https://www.itpro.com/security/ransomware/360122/up-to-1500-organizations-compromised-in-kaseya-ransomware-attack" data-original-url="https://www.itpro.com/security/ransomware/360122/up-to-1500-organizations-compromised-in-kaseya-ransomware-attack">Kaseya</a> earlier this year, Microsoft explained that certain features in Secured-core servers like Hypervisor-protected Code Integrity (HVCI) can block drivers that tamper with the kernel, like with Mimikatz, via a code integrity security policy.</p><p>By preventing credential theft, an early stage of the <a href="https://www.itpro.com/security/ransomware/361250/how-not-to-get-hit-by-ransomware-in-2022" data-original-url="https://www.itpro.com/security/ransomware/361250/how-not-to-get-hit-by-ransomware-in-2022">ransomware</a> kill chain, Microsoft said Secured-core server can make it very difficult for attackers to move laterally around a potential victim’s network.</p><p>“Continuing to raise the security bar for critical infrastructure against attackers makes it easier for organisations to meet that higher bar, which is an important priority for both customers and Microsoft,” said Microsoft. </p><p>“Successfully protecting systems requires a holistic approach that builds security from the chip to the cloud across hardware, firmware, and the operating system.”</p><p>Microsoft <a href="https://www.itpro.com/security/34673/microsoft-partners-with-device-and-chip-makers-on-secured-core-pcs" data-original-url="https://www.itpro.com/security/34673/microsoft-partners-with-device-and-chip-makers-on-secured-core-pcs">debuted the Secured-core initiative in 2019</a> on Windows PCs which saw computers ship with enhanced security measures at the hardware level. </p><p>The machines were designed for business use, with the financial services and healthcare industries targeted specifically, as well as anyone working in a high-value-data role such as in government. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Kaspersky exposes MysterySnail zero-day exploit in Windows  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/zero-day-exploit/361224/mysterysnail-zero-day-elevation-of-privilege-exploit-in-windows</link>
                                                                            <description>
                            <![CDATA[ Elevation-of-privilege flaw could enable Chinese hackers to mount widespread spying campaign ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">2np38dGKMTQ7ETtTQa1X6J</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/WMEar7ZBE87ojcXBdnVcuA-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 13 Oct 2021 13:16:43 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hacking]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rene Millman ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/vwWuTPNRCuw9vEaWzuXYnR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/WMEar7ZBE87ojcXBdnVcuA-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A depiction of a bug on a blue binary background]]></media:description>                                                            <media:text><![CDATA[A depiction of a bug on a blue binary background]]></media:text>
                                <media:title type="plain"><![CDATA[A depiction of a bug on a blue binary background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/WMEar7ZBE87ojcXBdnVcuA-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Chinese hackers have attacked IT companies and defense contractors using a zero-day elevation-of-privilege exploit, according to <a href="https://www.itpro.com/security" data-original-url="https://www.itpro.com/security">security</a> researchers.</p><p>Researchers at <a href="https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509">Kaspersky said</a> an APT group exploited a zero-day vulnerability in the Windows Win32k kernel driver to develop a new RAT trojan. This exploit had many debug strings from an older, officially known exploit for the CVE-2016-3309 vulnerability. The malware, dubbed MysterySnail, was found on several Microsoft servers between August and September 2021.</p><p>The privilege escalation exploit used to develop the MysterySnail RAT targets Windows client and server versions, from Windows 7 and Windows Server 2008 to the latest versions, including Windows 11 and Windows Server 2022. Kaspersky reports that the zero-day exploit also targets Windows client versions; however, it was only discovered on Windows Server systems.</p><p>Researchers said the root cause of this vulnerability lies in the ability to set user-mode callbacks and execute unexpected API functions during the execution of those callbacks. The bug was triggered when the function ResetDC is executed a second time for the same handle during the execution of its own callback, said researchers.</p><p>The uncovered code similarity and the reuse of the Command and Control (C&C) infrastructure led researchers to connect these attacks to the IronHusky cyber espionage group and Chinese-sourced APT activity dating back to 2012.</p><p>Kaspersky first spotted the Chinese hacking group IronHusky in 2017 as part of an investigation into a campaign targeting Russian and Mongolian government entities, airlines, and research centers. A year later, Kaspersky's investigators discovered that Chinese hackers began exploiting the CVE-2017-11882 vulnerability, a memory corruption vulnerability in Microsoft Office, to spread RATs commonly used by Chinese groups, including PlugX and PoisonIvy.</p><p>By analyzing the malware payload used with the zero-day exploit in MysterySnail, Kaspersky researchers found hackers used variants of this malware in widespread espionage campaigns against IT companies, military, defense contractors, and diplomatic entities. The malware collects and steals system information from compromised computers before contacting the command-and-control server for further commands.</p><p>The RAT can execute various commands on infected machines, such as running new processes, interrupting processes, and more. Researchers said the malware itself is not very sophisticated and has functionality like many other remote shells.</p><p>“But it still somehow stands out, with a relatively large number of implemented commands and extra capabilities like monitoring for inserted disk drives and the ability to act as a proxy,” said Kaspersky researchers Boris Larin and Costin Raiu.</p><p>The vulnerability identified as CVE-2021-40449 was fixed by Microsoft as part of this month's Patch Tuesday.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft warns 'Zerologon' Windows Server bug being exploited by hackers ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/exploits/357248/microsoft-warns-of-hackers-exploiting-zerologon-windows-server-bug</link>
                                                                            <description>
                            <![CDATA[ The tech giant is 'actively tracking' threat actors using the exploit to access domain controllers ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">gCvtb3aj3DHbRfPKTp8Pzf</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/uDPZW7QrzXQQgA4XjNTaVT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 25 Sep 2020 11:32:30 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Bobby Hellard ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/bsR2tHSyVKUoyXZF5pNsDA.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/uDPZW7QrzXQQgA4XjNTaVT-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Ones and zeros traveling towards darkness]]></media:description>                                                            <media:text><![CDATA[Ones and zeros traveling towards darkness]]></media:text>
                                <media:title type="plain"><![CDATA[Ones and zeros traveling towards darkness]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/uDPZW7QrzXQQgA4XjNTaVT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/software/microsoft" data-original-url="https://www.itpro.com/search/microsoft">Microsoft</a> has issued a warning that hackers are exploiting a <a href="https://www.itpro.com/operating-systems/microsoft-windows/356040/developing-the-intelligent-core-with-windows-server-2019" target="_blank" data-original-url="https://www.itpro.com/operating-systems/microsoft-windows/356040/developing-the-intelligent-core-with-windows-server-2019">Windows Server</a> system vulnerability that provides access to an organisation's Active Directory domain controller.</p><p>The tech giant said it was actively tracking hackers using the 'Zerologon' bug, which it said had been incorporated into attacker playbooks.</p><p>Zerologon has appeared in downloadable forms on the internet since it was first spotted by Dutch security firm <a href="https://www.secura.com/pathtoimg.php?id=2055" target="_blank">Secura</a> on 14 September. It is an exploit of Netlogon, the protocol used by Windows systems to authenticate against a Windows Server running as a domain controller. 
With it, hackers can take over the domain controller and, in turn, a company's internal network.</p><p>The warning comes just days after the US Cybersecurity and Infrastructure Security Agency (CISA) issued a <a href="https://www.itpro.com/security/vulnerability/357168/windows-server-flaw-sparks-us-gov-warning" target="_blank" data-original-url="https://www.itpro.com/security/vulnerability/357168/windows-server-flaw-sparks-us-gov-warning">directive</a>, urging government agencies to immediately apply the Windows Server August 2020 <a href="https://www.itpro.com/security/27713/the-importance-and-benefits-of-effective-patch-management" target="_blank" data-original-url="https://www.itpro.com/security/27713/the-importance-and-benefits-of-effective-patch-management">security update</a> to all domain controllers by 21 September.</p><p>CISA said that the bug poses "an unacceptable risk" and requires "immediate action", rating it the highest possible score of 10.0 on the CVSS scale of severity.</p><p>"Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon," the tech giant warned in a tweet. 
"We have observed attacks where public exploits have been incorporated into attacker playbooks.</p><p>"Microsoft 365 customers can refer to the threat analytics report we published in Microsoft Defender Security Center. The threat analytics report contains technical details, mitigations, and detection details designed to empower SecOps to detect and mitigate this threat."</p><p>Researchers have dubbed the vulnerability Zerologon as it allows hackers with minimal access to a network to log in to its Active Directory simply by sending a string of zeros in messages that use the Netlogon protocol.</p><p>It's said to affect Windows Server versions from 2008 up to 2019.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft delays end of support for older Windows 10 releases ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/operating-systems/microsoft-windows/355322/microsoft-delays-end-of-support-for-older-windows-10</link>
                                                                            <description>
                            <![CDATA[ Coronavirus knocks back final updates to iterations of the flagship OS released in 2017 and 2018 ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">mzmYFqKqx7uBmzyk1QBDKb</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/GTeBTYsqnTKKPDNEKEUSM3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 15 Apr 2020 09:56:15 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Windows]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                    <category><![CDATA[Microsoft]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/GTeBTYsqnTKKPDNEKEUSM3-1280-80.jpg">
                                                            <media:credit><![CDATA[Microsoft]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Windows 10 start menu]]></media:description>                                                            <media:text><![CDATA[Windows 10 start menu]]></media:text>
                                <media:title type="plain"><![CDATA[Windows 10 start menu]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/GTeBTYsqnTKKPDNEKEUSM3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft has given some breathing room to organisations running older versions of <a href="https://www.itpro.com/operating-systems/26138/how-to-speed-up-windows-10" target="_blank" data-original-url="https://www.itpro.com/operating-systems/26138/how-to-speed-up-windows-10">Windows 10</a> by delaying final security updates due to be released over the next few weeks.</p><p>Businesses running Windows 10 version 1709 Enterprise, Education and IoT Enterprise, as well as Windows 10 version 1809 Home, Pro, Pro Education, Pro for Workstations and IoT Core, no longer need to update their systems imminently.</p><p>The final security update for the former will now be released on 13 October, instead of its initially scheduled date of 14 April. The latter version, meanwhile, will see its final security update released on 10 November instead of 12 May. </p><p>These changes are being made in light of the <a href="https://www.itpro.com/cloud/354902/the-coronavirus-outbreak-is-the-clouds-chance-to-shine" target="_blank" data-original-url="https://www.itpro.com/cloud/354902/the-coronavirus-outbreak-is-the-clouds-chance-to-shine">coronavirus pandemic</a>, which has caused an untold level of disruption, with many businesses <a href="https://www.itpro.com/business-strategy/flexible-working/355051/perfecting-your-remote-working-strategy" target="_blank" data-original-url="https://www.itpro.com/business-strategy/flexible-working/355051/perfecting-your-remote-working-strategy">migrating their workforce to remote working patterns</a>.</p><p>“Microsoft has been deeply engaged with customers around the world who are impacted by the current public health situation,” a Microsoft update said.</p><p>“As a member of the global community, we want to contribute to reducing the stress our customers face right now. To that end, we have delayed the scheduled end of support and servicing dates for the following products to help people and organizations focus their attention on retaining business continuity.”</p><p>These versions of Windows 10 were no longer meant to be supported through the rest of 2020 and beyond, with Microsoft keen to encourage businesses to stay up-to-date with the latest iteration of its flagship OS. </p><p>The reality, for many businesses, is that staying up-to-date to this degree is more difficult in practice. 
Moreover, it’s often undesirable, considering that seasonal updates such as those being phased out are afflicted with bugs that need patching shortly after release.</p><p>Microsoft is also pausing feature updates for Home and Pro editions running on version 1809, with the restart of the rollout process being closely monitored in advance of the 10 November end of service date.</p><p>Windows Server version 1809, Datacentre and Standard editions, will see final security updates delayed to 10 November from 12 May as well. SharePoint Server 2010, SharePoint Foundation 2010 and Project Server 2010 were expected to reach their end-of-service dates on 13 April, although final security updates will now be released on 13 October. </p><p>There were also a couple of applications due to no longer be supported by Microsoft, with their final update dates also pushed back. The final release for the Dynamics 365 Customer Engagement web client, for example, has been delayed to December 2020, with updates paused for Dynamics 365 Finance, Supply Chain Management and Commerce customers for an extended period of time.</p><p>Microsoft has also postponed the disablement of Basic Authentication in Exchange Online for those still actively using it, until the second half of 2021.</p><p>The likes of Exchange Server 2010, Office 2010, Project 2010, Office 2016 for Mac and Office 2013 connectivity to the Office 365 services have been unaffected in this update. The end-of-support dates for these packages will remain the same.</p><p>Microsoft has been making tweaks to the way it delivers software and updates in light of the coronavirus pandemic, with a view to reducing the burden on itself as well as its customers. 
<a href="https://www.itpro.com/operating-systems/microsoft-windows/355105/microsoft-puts-windows-development-on-lockdown" data-original-url="https://www.itpro.com/operating-systems/microsoft-windows/355105/microsoft-puts-windows-development-on-lockdown">Windows development, for example, was put on lockdown</a> last month, with developers only working to release the most essential security updates from May 2020.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft accidentally leaks details on a wormable SMB flaw ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/vulnerability/354965/microsoft-accidentally-leaks-details-on-a-wormable-smb-flaw</link>
                                                                            <description>
                            <![CDATA[ No patch is currently available for the vulnerability, which has now been publicly acknowledged ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jG89xiE8WmkqiwDGWoLPQQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/gkK5cyPQiHCTuPaDrkc6MU-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 11 Mar 2020 11:17:52 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/gkK5cyPQiHCTuPaDrkc6MU-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A hand holding a magnifying glass reveals a red lock, unlocked among several blue locked locks]]></media:description>                                                            <media:text><![CDATA[A hand holding a magnifying glass reveals a red lock, unlocked among several blue locked locks]]></media:text>
                                <media:title type="plain"><![CDATA[A hand holding a magnifying glass reveals a red lock, unlocked among several blue locked locks]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/gkK5cyPQiHCTuPaDrkc6MU-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft accidentally released information on a critical flaw embedded in its Server Message Block 3.0 (SMBv3) network communications protocol ahead of schedule, coinciding with more than a hundred Patch Tuesday fixes.</p><p>Details of the wormable vulnerability, which has been <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0796">reserved CVE-2020-0796</a>, were disclosed publicly shortly after Microsoft prematurely informed security vendors of the bug through its Active Protections Program scheme. This early-access information, however, was retracted shortly after.</p><p>Attackers can exploit the remote code execution vulnerability found in SMBv3 by sending a specially crafted packet to the targeted SMBv3 server, to which the hacker must already be connected. </p><p>Vulnerable operating systems include <a href="https://www.itpro.com/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them" data-original-url="https://www.itpro.com/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them">Windows 10</a> 1903 and 1909 for 32-bit, x64-based and ARM64-based systems, as well as Windows Server versions 1903 and 1909.</p><p>Security firm <a href="https://fortiguard.com/encyclopedia/ips/48773">Fortinet</a> has suggested the vulnerability is due to an error when the software handles a maliciously crafted data packet, which can lead to hackers gaining full control of a vulnerable system. 
It’s considered ‘wormable’ as it's believed an attacker could easily move from device to device.</p><p>Both Fortinet and <a href="https://cc.bingj.com/cache.aspx?q=https%3a%2f%2fblog.talosintelligence.com%2f2020%2f03%2fmicrosoft-patch-tuesday-march-2020.html&w=NrvF66m3pULMCOMEBw-cKyRUwi9s1qXv&d=928684983196">Cisco Talos</a> have recommended that users disable SMBv3 compression and block TCP port 445 on firewalls and client computers.</p><p>After the details became public, <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005">Microsoft released its own security advisory</a> suggesting the company was aware of the flaw, although an official mitigation has not yet been identified.</p><p>“To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server,” the advisory said.</p><p>“To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it.”</p><p>Microsoft confirmed that a workaround, which involves disabling SMBv3 compression <a href="https://www.itpro.com/microsoft-windows/34535/powershell-vs-cmd-unlocking-the-power-of-windows" target="_blank" data-original-url="https://www.itpro.com/microsoft-windows/34535/powershell-vs-cmd-unlocking-the-power-of-windows">using a PowerShell command</a>, may be deployed, although the firm added this does not prevent exploitation of SMB clients.</p><p>Details of the vulnerability were made public just as Microsoft released fixes for 117 flaws in various systems, including 25 vulnerabilities considered critical, as part of its routine Patch Tuesday round of fixes.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Beat the clock on Windows Server end-of-service ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/server-storage/microsoft-windows-server/354114/beat-the-clock-on-windows-server-end-of-service</link>
                                                                            <description>
                            <![CDATA[ Be ready to update and modernise your IT infrastructure with new server hardware ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">cUQQw1a5R6fhfmQ3czR21T</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/8qCDEfiGbcvoD5Lxi9cVyn-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Thu, 31 Oct 2019 11:14:21 +0000</pubDate>                                                                                                                                <updated>Fri, 12 Jun 2020 11:14:21 +0000</updated>
                                                                                                                                            <category><![CDATA[Software]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/8qCDEfiGbcvoD5Lxi9cVyn-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/8qCDEfiGbcvoD5Lxi9cVyn-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>End of service (EOS) for three Microsoft Windows Server 2008 R2 editions came up in January 2020. By now, companies should have already migrated to a new server such as Microsoft Windows Server 2016 or Windows Server 2019. Those who haven’t need to urgently make their move. </p><p>These organisations must decide whether to attempt installing this new OS on their existing servers, build new servers to support the upgrade, or purchase new hardware from an OEM vendor to ensure the best results for the updated OS.</p><p>This whitepaper looks at the different considerations IT decision makers face in making the upgrade to Microsoft Windows Server 2019, and how to decide which option is best for their organisation. Download it now to beat the EOS clock.</p><p>Dell recommends Windows 10 Pro for business.</p><p><em>Learn more about Dell Technologies solutions powered by Intel</em>®</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Unsupported software figures show councils 'still aren't serious about security' ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/microsoft-windows-server/31882/unsupported-software-figures-show-councils-still-arent-serious-about</link>
                                                                            <description>
                            <![CDATA[ Authorities faced an average of 37 attacks per minute between 2013 and 2017 on unsupported software ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uxvMm4CaFDcaC8jCEaNJjE</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/gwU5VkfGCv8aiJ5HPYVvcU-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 11 Sep 2018 07:56:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Digital Transformation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sandra Vogel ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/gwU5VkfGCv8aiJ5HPYVvcU-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Image of a server rack with lens flare on the corner of the image]]></media:description>                                                            <media:text><![CDATA[Image of a server rack with lens flare on the corner of the image]]></media:text>
                                <media:title type="plain"><![CDATA[Image of a server rack with lens flare on the corner of the image]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/gwU5VkfGCv8aiJ5HPYVvcU-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>When we think about our local council, the chances are we think about the everyday services they provide: street cleaning, social care, planning, that kind of thing.</p><p>Underpinning these services is an administrative system built on technology architecture that needs to run smoothly, be secure, and be well maintained if it's to provide the level of service citizens expect at a price that's affordable.</p><h3 class="article-body__section" id="section-thirty-seven-attacks-every-minute"><span>Thirty-seven attacks every minute</span></h3><p><a href="https://www.comparex-group.com/web/uk/en/about-comparex/news-press/pressrelease_details.htm?articleId=787&pmtitle=Freedom%20of%20Information%20requests%20reveal%20nearly%20half%20of%20English%20councils%20are%20still%20using%20unsupported%20server%20software" target="_blank">Research from IT service provider Comparex recently revealed</a> that nearly half of all councils in England are still reliant on server software that is no longer officially supported by its vendor.</p><p>The research found that 24% of councils were still running Windows Server 2000 or Windows Server 2003, support for which ended in 2010 and 2015 respectively, while 38% were running Microsoft SQL Server 2005, which hit end-of-life in 2016. In total, it was found that 46% of councils reported using one or more of these products, and therefore running critical infrastructures that could be vulnerable to attacks, breakage and general inefficiency. That's particularly alarming given the surge in the number of attacks targeting the public sector over the past few years.</p><p>Comparex found that 94% of councils running Windows Server 2000 or Windows Server 2003 planned to upgrade within the next two years and 88% of those running Microsoft SQL Server 2005 had plans to upgrade in the next couple of years. 
As custodians of vast amounts of public data, that's certainly a step in the right direction, but, if we're also to account for delays or technical teething problems in the upgrade process, it still gives plenty of time for flaws to emerge.</p><p>It was recently discovered that UK local authorities have faced <a href="https://bigbrotherwatch.org.uk/wp-content/uploads/2018/02/Cyber-attacks-in-local-authorities.pdf" target="_blank">more than 98 million cyber attacks</a> over the past five years, according to data gathered by Big Brother Watch using Freedom of Information requests. That equates to at least 37 attempted breaches every minute, and at least one in four of these attempts resulted in an actual breach during the 2013 to 2017 period.</p><h3 class="article-body__section" id="section-security-still-isn-39-t-a-priority"><span>Security still isn't a priority</span></h3><p>Coming up with an upgrade plan is difficult enough, but actually beginning the process is another beast entirely. 
James Moar, senior analyst at Juniper Research, tells <em>Cloud Pro</em> that security is still seen as an afterthought, particularly at a time of dwindling budgets.</p><p>"Councils, like many businesses, are still likely to see security as an additional cost, rather than a necessity," says Moar. "While the GDPR and other recent legislation has highlighted the need to more tightly control access to data, this is unlikely to cause councils to rethink their whole information security posture."</p><p>The problem is compounded by the fact Microsoft's upgrading process isn't exactly user-friendly. "So far as I'm aware, there's no direct upgrade route from Windows Server 2000 to Windows Server 2012," explains Richard Edwards, IT research analyst at Freeform Dynamics. "So, the only option would be to upgrade to Windows Server 2003 and then to Windows Server 2012. 
That's not a good use of anyone's time."</p><p>"There are, of course, alternatives to upgrading," adds Edwards. "A Windows file server can be replaced by an appliance or cloud storage services. Databases can be consolidated or considered for replacement by other SaaS applications. There are many options to look at."</p><h3 class="article-body__section" id="section-trusting-third-party-providers"><span>Trusting third-party providers</span></h3><p>The problem councils face is finding the best route through budgetary constraints to a back-end system that's as secure as it can be, that meets the requirements of GDPR and other legislation, and that's able to be kept up to date in a cost-efficient way.</p><p>"GDPR encourages best practice, but policies themselves don't keep hackers out," says Edwards. "IT departments may have expertise in running old systems, and they may have mitigations in place to address hardware failure, but it's not good business to run any business on unsupported systems."</p><p>In response to the report, Georgina Maratheftis, programme manager for Local Government at techUK, tells us that cyber security "must be taken seriously by everyone in councils, not just the IT and cyber team".</p><p>"If anything, the General Data Protection Regulation (GDPR) should be an opportunity for councils to build a culture of data trust and review current cyber security procedure and training.</p><p>Understandably councils continue to face financial pressures and constraints, but they should weigh up the long-term and reputational costs if they do not act now."</p><p>One solution is for councils to look to cloud providers for alternatives, particularly as technologies like virtualisation not only help cut down on the costs of running infrastructure, but are also far more efficient than housing physical servers on-premise. 
This, of course, would require a great deal of decommissioning on the part of the councils, and they may be reluctant to break from tradition and hand over the management of systems to a third party.</p><p>"There's still the issue of out-of-date software," explains Edwards. "SaaS solutions are available to meet an unimaginable range of business requirements. These should be investigated, and where existing SaaS platforms are in use, consider how they might feature as part of a re-platforming strategy."</p><p>Unfortunately, <a href="http://www.cloudpro.co.uk/it-infrastructure/cloud-deployment/7555/why-we-need-a-clearer-picture-on-council-cloud-adoption" target="_blank">recent research by Citrix revealed</a> that a staggering 80% of councils are still reliant on on-premise architecture. Some experts claim that many authorities are facing difficulty securing buy-in from senior leadership, particularly when it comes to alleviating fears over changing workplace cultures or the greater demand a move may have on employee skill sets.</p><h3 class="article-body__section" id="section-inaction-is-not-an-option"><span>Inaction is not an option</span></h3><p>Given the access that local councils have to public data, doing nothing is not really an option even if the current budgetary climate is forcing authorities to make drastic cutbacks.</p><p>As James Moar of Juniper Research explains, councils need to "be aware of penalties for non-compliance with data handling and data security regulations. While the costs of a rigorous cybersecurity posture may seem large, the penalties and PR fallout are likely to be much larger."</p><p>"To not be worried about attacks in the current climate is to be naive about cybersecurity," he adds. "While the benefit of an attack may not be immediately obvious to potential targets, that does not mean they will not be targeted."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft Windows Server 2016 preview hits timing snag  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/server/24345/microsoft-windows-server-2016-preview-hits-timing-snag</link>
                                                                            <description>
                            <![CDATA[ Current preview will expire next week, but no replacement will be offered until May ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">7hSpgBxW4qbg6BK55XJPye</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/7WgBrkSAHFA3NVo7cwRjiG-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 07 Apr 2015 10:28:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Microsoft]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Joe Curtis ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/7WgBrkSAHFA3NVo7cwRjiG-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/7WgBrkSAHFA3NVo7cwRjiG-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft's current preview of Windows Server 2016 is set to expire in just over a week, with no replacement due until May.</p><p>Windows Server Technical Preview was made available last October, but will stop working on April 15, with the next preview only scheduled for release at some point next month.</p><p>The Redmond giant said in <a href="http://blogs.technet.com/b/windowsserver/archive/2015/04/03/how-to-continue-using-windows-server-technical-preview.aspx?linkId=13327174" target="_blank">a blog post</a> that it will deliver an interim solution for customers wanting to continue using the preview, but with the expiry just eight days away, it may be a close-run thing.</p><p>Exactly what improvements will be available in the second preview of Server 2016 is currently a mystery, but the preview was delayed from a slated January release to make room for significant changes.</p><p>This news broke shortly before a leaked Redmond presentation revealed <a href="http://www.cloudpro.co.uk/cloud-essentials/4866/leak-reveals-microsofts-cloud-focused-nano-server" target="_blank">Microsoft's working on a "Nano server" based on a Cloud OS infrastructure</a>.</p><p>The virtualised nano server is aimed at letting IT admins deploy a lightweight server infrastructure, and the slides describe it as the "future nucleus" of Windows Server.</p><p>Whether or not Microsoft is far enough along the nano server track to make any of its features available in the latest Server 2016 preview remains to be seen, however.</p><p>The next iteration of Windows Server won't be released until next year, meaning it's not an option for those migrating from Server 2003, due to expire on 14 July 2015.</p><p>IT community Spiceworks' recent special report, <em><a href="https://www.itpro.com/operating-systems/24251/end-of-life-security-fears-fuel-mass-migration-from-windows-server-2003" target="_blank" data-original-url="https://www.itpro.com/operating-systems/24251/end-of-life-security-fears-fuel-mass-migration-from-windows-server-2003">The Great IT Upgrade</a></em>, suggests that 48 per cent of 1,300 Server 2003 users are in the process of migrating, with 15 per cent already on another OS.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>