Researchers have never before seen SquirrelWaffle attackers use typosquatting to keep sending spam once a targeted Exchange server has been patched for ProxyLogon/ProxyShell.
Threatpost
Posts tagged "Server"
Critical ManageEngine Desktop Server Bug Opens Orgs to Malware
Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution.
Threatpost
Microsoft pushes out emergency fix for Windows Server mess
Microsoft is addressing the problems caused by the January 2021 Patch Tuesday updates – with more updates.
The company has issued an emergency out-of-band (OOB) update to address bugs that forced domain controllers to reboot endlessly, broke Hyper-V, and rendered ReFS volumes inaccessible while showing them as RAW file systems.
“This update addresses issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machines start failures, and ReFS-formatted removable media failing to mount,” Microsoft explained in the update catalog.
Patches breaking things
All of the patches, issued for different versions of the Windows OS, can be found in the Microsoft Update Catalog. Some can also be obtained through Windows Update, but because they are labeled as optional, Windows admins need to manually check for updates if they want to take this route.
The updates listed below, however, can only be obtained through the Update Catalog:
Issuing patches for Windows has been nothing short of a roller coaster recently. Earlier in January 201, a patch issued for Windows 10 and Windows 11 broke the software’s built-in VPN tool, preventing it from establishing a connection.
The only way to rid the system of the bug is to uninstall the patch altogether, which also means exposing the systems to known vulnerabilities. One such issue was recently found (and fixed in that same patch) in the HTTP Protocol Stack. The flaw allows a malicious actor to execute arbitrary code, remotely, without much user interaction.
There is no malware known to abuse this flaw yet, but given how dangerous it is, it's only a matter of time before some is discovered. To protect vulnerable devices, disabling the HTTP Trailer Support feature will suffice.
Windows admins will need to carefully weigh the benefits and the downsides of installing, as well as uninstalling, these patches, until Microsoft sorts out all of the problems that have piled up in recent times.
Via: BleepingComputer
Microsoft Yanks Buggy Windows Server Updates
Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable.
Threatpost
Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS
Don’t freak: It’s got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD’s tendency to tiptoe into software projects.
Threatpost
Half-Billion Compromised Credentials Lurking on Open Cloud Server
A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned.
Threatpost
Malicious Exchange Server Module Hoovers Up Outlook Credentials
“Owowa” stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.
Threatpost
Zimbra Server Bugs Could Lead to Email Plundering
Two bugs, now patched except in older versions, could be chained to allow attackers to hijack a Zimbra server by simply sending a malicious email.
Threatpost
HPE Fixes Critical Zero-Day in Server Management Software
The bug in HPE SIM makes it easy as pie for attackers to remotely trigger code, no user interaction necessary.
Threatpost
DarkSide Ransomware Suffers ‘Oh, Crap!’ Server Shutdowns
The RaaS that crippled Colonial Pipeline lost the servers it uses to pull off ransomware attacks, while REvil’s gonads shrank in response.