Just got off the phone with Microsoft, tech apologized for not being able to confirm my earlier supposition here (He totally fooled me into thinking it was unrelated). Tech sent me to this article here.
I explained at colourful length my opinion of the superlative way Microsoft’s corporate communications staff handled this general patching window, which I’ve spoken about in my previous post.
The tech mentioned I might want to check out Google’s blog.
Also, Project Zero have posted an update here which goes into much more depth about the exploits they developed.
Reading between the lines it seems as if Google jumped the gun, and now Microsoft (and presumably the rest of the world) are playing catchup.
Linus Torvalds, in his typical style, sums Intel up nicely here.
What a fun start to 2018, eh!
Cheers, and good luck!
Update 03:10 UTC 04 JAN Microsoft have released KB4056892 to resolve this issue on Windows 10 machines however it looks like they may have had to rush it out as there are several known issues with it.
Happy New Year, my fellow admins!
In a wonderful start to 2018, Microsoft has decided to enforce a reboot of customer VMs in several regions.
I’d recommend you check your Azure Service Health blade’s “Planned Maintenance” section if you run anything in Azure before January 9th 12:00 UTC to see if you are affected!
Text of the notice below:
Dear Azure customer,
Your Azure Virtual Machines (VMs) require an important security and maintenance update. The vast majority of Azure updates are performed without impact but, for this specific update, a reboot of your VMs is necessary.
A maintenance window has been scheduled starting January 10th 2018 (00:00 UTC) during which, Azure will automatically perform the required VM reboot. An affected VM will be unavailable for several minutes, as it reboots. For any VM in an availability set or a VM scale set, Azure will reboot the VMs one Update Domain at a time to limit the impact to your environments. Additionally, operating system and data disks will be retained during this maintenance.
You have one or more VMs that are eligible to initiate self-service maintenance proactively at any time between now and January 9th, 2018 (12:00 UTC). You can see which VMs are eligible for a self-service maintenance and initiate this step using the Azure Portal (Use the Azure Service Health link below). Also see the how-to guides for Windows/Linux VMs to learn more.
If you complete this self-service maintenance step before January 9th, your VMs will be marked as updated and will not be impacted by the scheduled maintenance window. If you initiate self-service maintenance, the temporary disk will not be maintained.
Continue Reading “Happy New Year : Now Reboot all your Azure VMs (Updated)”
I’d like to share a tool I wrote earlier this year for inventorying Windows services running on domain computers running Server. I’m a big fan of PowerShell, and since getting a handle on a services “landscape” is something I’ve previously had to do multiple times manually I decided to automate it back in January. Plus, it’s a rare environment I’ve come across where someone has had the time to accurately inventory all the service accounts and/or taken a look at whether there are “zombie” servers or computer accounts within the domain.
Continue Reading “Inventorying Service Accounts and Computers with Powershell”