Microsoft “Sandworm” Vulnerability

Hello,

 

Hours ago, iSIGHT Partners, along with Microsoft, announced a zero-day vulnerability named “Sandworm” found in all current versions of Microsoft operating systems. Microsoft has already created a patch and has released it as one of its security updates as of October 14, 2014. We have started the process of updating all servers under our Proactive and Managed Services Platform. For our clients who do not have our Proactive or Managed services, it is highly recommended that the security update from Microsoft be run, along with all other important security updates, through Windows Update. Additional information may be found here: http://www.isightpartners.com/2014/10/cve-2014-4114/ and https://technet.microsoft.com/en-us/library/security/MS14-060

 

 

If you require any assistance or have questions, please reach out to our friendly support staff at http://www.codero.com/support

 

We will update this blog post and our client base as details emerge about this exploit.

 

Updates

  • There are currently no updates. Please subscribe for updates or check back soon.

Anonymous Group Threatens to Shut Down the Internet on March 31

Please note that the hacking group known as Anonymous has issued a threat to shut down the Internet on Saturday March 31, 2012, by attacking the 13 root DNS servers that enable the Internet. If the attack is successful, domain names will not be translated to IP addresses, effectively eliminating the ability for anyone to reach any website after DNS Time-to-Live (TTL) levels expire, except by IP address.

The root DNS servers are located throughout the world and are operated by different entities, including Verisign, NASA, ICANN, and the U.S. Army Research Lab. Note that each root server is actually a cluster of individual servers typically housed in multiple geographical locations to increase fault tolerance.

If the attack is successful, your server may be accessible (because routing to individual IP addresses will not be affected, and because DNS entries may be cached) but your web site may not be accessible (because the attack will impact web browsers and other systems that route traffic using domain names after caching expires). Because the attack will target servers that are outside of Codero’s control and belong to the entities that host all DNS servers for the Internet, in the case of a successful attack there will be little that you or Codero will be able to do to restore access until the attack subsides or is neutralized.

Though there is no action needed on your part, we wanted to inform you of this in case the attack is successful and you are unable to browse the Internet as you are accustomed to.

Windows RDP Remote Code Execution Vulnerability

All currently supported versions of Microsoft Windows are vulnerable to remote code execution through the RDP protocol. Patches were released today by Microsoft. If you have automatic updating enabled (the default setting), the patch will be automatically installed on your server. It can also be installed through Windows Update, or downloaded directly from Microsoft:

http://technet.microsoft.com/en-us/security/bulletin/ms12-020

Codero Windows Managed customers do not need to do anything, as this patch is already installed for you.

If you have any questions, please submit a ticket through Server Portal.

How to Fix the Recent Plesk Security Vulnerability

All versions of Plesk released before September of 2011 are vulnerable to a security issue which can compromise your server. Codero has seen hundreds of Plesk servers compromised through this security vulnerability, so we recommend that you take immediate action to resolve this.

Note: If you are a managed server customer, Codero has already patched your server(s) and no action is needed on your part. If you are not a managed server customer, patching your server is your responsibility. If you need assistance, Codero staff can patch your server(s) for you at our Advanced Support rate of $99/hour. Please log in to ServerPortal.com and submit a support ticket if you wish Codero to patch your server for you.

You can check if you are vulnerable by running this script from Parallels. If the script says “Plesk is up to date” or “The patch has been successfully applied” you do not need to do anything further.

If you receive the message “The patch has not been applied” you need to update Plesk to a newer, more secure version.

You need to know what major version of Plesk you are on to update. Instructions for finding your version of Plesk. An example version is “9.2.1 CentOS 5 92090422.13”. This server is on major version 9, minor version 2.1, with microupdate #13.

The official Parallels directions on how to run the autoinstaller to apply updates are here.

If you are on major version 8, you need to update to 8.6.0. If you are already on 8.6.0, you may need to run the autoinstaller twice to upgrade the autoinstaller itself to be able to receive microupdates. 8.6.0 with microupdate #2 is the first safe version.

If you are on major version 9.x, run the autoinstaller and select version 9.5.4. 9.5.4 with microupdate #11 is the first safe version.

If you are on major version 10.x, upgrade to at least 10.3.3 and install all microupdates through the autoinstaller.

Once you are done upgrading, please run the vulnerability checker again to verify you have fixed the issue. If you are not able to perform the update for any reason, please open a ticket through Server Portal.
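The version rules above can be applied to the version string before and after upgrading. The following is an added example, not code from Parallels or Codero: it parses a string in the format shown above and reports whether the server is below the first safe version named in this notice. The function names, the result labels and every sample string other than the one quoted above are assumptions made for illustration.

```python
import re

# First safe release per major version, taken from the notice above.
# No microupdate number is given for 10.x, so None means the string alone
# cannot confirm it and the vulnerability checker has to decide.
FIRST_SAFE = {8: ((8, 6, 0), 2), 9: ((9, 5, 4), 11), 10: ((10, 3, 3), None)}


def parse_plesk_version(text):
    """Split e.g. '9.2.1 CentOS 5 92090422.13' into ((9, 2, 1), 13)."""
    tokens = text.split()
    if not tokens or not re.fullmatch(r"\d+(\.\d+){1,2}", tokens[0]):
        raise ValueError(f"unrecognised Plesk version string: {text!r}")
    release = tuple(int(p) for p in tokens[0].split("."))
    release += (0,) * (3 - len(release))
    # Assumption: the last token is build.microupdate (build of 6+ digits);
    # a build with no '.N' suffix means no microupdate has been applied.
    m = re.fullmatch(r"\d{6,}\.(\d+)", tokens[-1]) if len(tokens) > 1 else None
    return release, int(m.group(1)) if m else 0


def assess(text):
    """Return 'vulnerable', 'patched', 'verify' or 'unknown'."""
    release, micro = parse_plesk_version(text)
    if release[0] not in FIRST_SAFE:
        return "unknown"  # the notice only covers 8.x, 9.x and 10.x
    safe_release, safe_micro = FIRST_SAFE[release[0]]
    if release < safe_release:
        return "vulnerable"
    if release > safe_release or safe_micro is None:
        return "verify"  # microupdate level not stated; run the checker
    return "patched" if micro >= safe_micro else "vulnerable"


if __name__ == "__main__":
    # The first string is the example from the notice; the rest are constructed.
    for sample in ("9.2.1 CentOS 5 92090422.13",
                   "9.5.4 CentOS 5 95120208.11",
                   "8.6.0 CentOS 5 86080930",
                   "10.3.3 CentOS 5 1013110726.09"):
        print(f"{sample!r}: {assess(sample)}")
```

A result of "verify" or "patched" does not replace the vulnerability checker; it only tells you whether an upgrade is still required before running it.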

Please note, if your server becomes compromised due to this vulnerability and you did not patch despite the multiple notices from Codero, the Server Protection Plan will not be in effect for the compromise. 

Security Notification: BIND DoS Vulnerability, Update Plesk 9.5 & 10 Windows

BIND has announced a vulnerability that can result in a denial of service (server crash) caused by receipt of a specific remote dynamic update message.

Please be aware that this vulnerability will affect all servers that have BIND 9.7.1 or 9.7.2 installed. Parallels Plesk Panel 9.5 for Windows and Parallels Plesk Panel 10 for Windows ship with this version of BIND, and these servers should be upgraded to BIND 9.7.3 immediately.

When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time during which the IXFR/update coupled with a query may cause a deadlock to occur. This deadlock will cause the server to stop processing all requests. A high query rate and/or a high update rate will increase the probability of this condition.

How to upgrade BIND on Plesk Windows: http://kb.parallels.com/5542

Parallels will be providing upgraded versions as a patch and then again in the next major release.

Please remember to review all of your deployment policies as they relate to all servers with these versions of BIND.

This notification is made pursuant to our development policy of notifying users when critical security issues arise and making fixes available as soon as possible. Please ensure that this patch is applied as soon as possible.

 

Security Notification: Parallels Plesk Panel 10.0.1

Parallels has issued a security hotfix to Parallels Plesk Panel 10.0.1 through the Micro-Updates system.

It is referenced as MU#2 – Plesk admin password changing.

The Micro-Update delivers a bug fix for a vulnerability that could allow authorized Plesk users to change the Plesk ‘admin’ password and then compromise the Control Panel.

For instructions on implementing Micro-updates, please refer to:

http://kb.parallels.com/en/9294 – Using Micro-Updates in Parallels Plesk Panel 9.x, 10.x and Parallels Small Business Panel.

For instructions on upgrading from the panel, please refer to the Administrator Manual at:

http://download1.parallels.com/Plesk/PP10/10.0.1/Doc/en-US/online/plesk-administrator-guide/index.htm?fileName=59215.htm

This notification is made pursuant to our development policy of notifying users when critical security issues arise and making fixes available as soon as possible. Please ensure that this patch is applied as soon as possible.

Important: Windows Server Vulnerability

Microsoft has released instructions related to patching an ASP.NET vulnerability on Windows OS servers. All Windows customers should visit the Codero Knowledge Base Article below for information on patching your server.

Knowledge Base Article on ASP.NET Vulnerability

Please note that if you have a managed services plan on your server, Codero has already patched your server. If you are interested in Codero maintaining the security of your server, please contact your Account Executive today and discuss adding managed services.

If you do not have managed services, please be sure to keep your server secure by applying all patches in a timely manner. Failure to do so could result in your server becoming compromised and loss of data. Should your server become compromised, Codero may deem it necessary to restrict access to your server to prevent other servers on our network from becoming infected. In many cases, compromised servers require a complete reinstall, which is not included with your server plan, and may result in loss of data.

If you have any questions about this vulnerability, please submit a ticket via ServerPortal.com.
