Hello,

Overnight staff is working remotely tonight due to the poor road conditions as cdot has advised avoiding travel until normal commuting hours. During this time non-emergency hands-on support (such as hardware upgrades or changeouts that do not involve a failing host) will be delayed until Wednesday morning.

Normal helpdesk support is not affected.

cPanel has recently announced a complete overhaul to the way they structure their licensing costs. Going forward, cPanel licenses will be billed based on number of accounts rather than a flat rate for the license. In order to ensure we’re billing our clients for the most accurate number of accounts, we will be charging for all licenses on the 13th of each month.

An explanation and FAQ on these changes from cPanel can be found here: https://forums.cpanel.net/pages/partners/

The new pricing structure is outlined below:

Cloud:

cPanel Admin Cloud - Up to 5 Accounts - $13.40/mo
cPanel Pro Cloud - Up to 30 Accounts - $18.73/mo
cPanel Plus Cloud - Up to 50 Accounts - $26.75/mo
cPanel Premier Cloud - Up to 100 Accounts - $34.25/mo
cPanel Premier Cloud Bulk Account - Each account over 100, per account - .10c/mo

Metal:

cPanel Premier Metal - Up to 100 Accounts - $34.25/mo
cPanel Premier Metal Bulk Account - Per Account - .10c/mo

We regret to have to pass along these increased license costs to our clients, and understand the impact these increased costs will have for your business. 

Your billing account has been updated to reflect these new license costs. You can review this information in the billing portal at https://billing.handynetworks.com. 

Please do not hesitate to reach out to us with any additional questions or concerns you may have regarding these licensing changes, and thank you for your understanding as we work through these changes together.

[Update, Wed Sep 25 00:47:12 MDT 2019] - Uninstallation of the old revision of this update has been confirmed; updates will now begin, and should be done servers within the scope in 1-2 hours.  During this time your host may be rebooted.

We are also including GMT hosts in this update cycle, despite the time of day.  Reboots should be fast, from what we've observed.




[Update, Tue Sep 24 20:29:43 MDT 2019] - We will be re-deploying this update with today's revision of these updates, rather than the revision deployed yesterday.

The impact of tonight's adjusted maintenance will be the same, except servers rebooted yesterday night will have one additional reboot before the main maintenance is resumed, as part of the re-installation of this update.  This should only be about 25% of the servers in the intended scope.

The scope of the work remains the same as defined yesterday; uninstallation of the older revision will begin shortly, with the main update event beginning in roughly 1-2 hours.



Purpose of Work:

Earlier today, Microsoft released an out-of-band (or earlier than usual) update to patch a vulnerability with the internet explorer scripting engine.  Said vulnerability already has working exploits that have been encountered 'in the wild', and thus must be responded to immediately.

This vulnerability allows for remote code execution running in the context of the user that accessed an infected webpage via IE; if an admin or privileged website user gets compromised in this way, the entire server could be effectively compromised.

As such, RDS servers and any server where admins routinely use IE to perform research while looking into server issues / download programs are the most at-risk. Certain programs that use the IE backend (one example being quickbooks) may also be at-risk in some situations.


You can read more about the exploit (and patches mitigating it), here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367

We will update you as maintenance begins.


Exceptions:

As discussed, only fully-managed windows servers will be targeted by this maintenance to begin with.  Self-managed hosts must be updated by the responsible parties, and I would recommend this happen soon.

Any standalone hypervisors that would incur downtime of VMs as part of this maintenance reboot will be skipped; tickets requesting scheduling have been sent out to server owners.

Any customers with a multitude of servers on their own active directory domains will be skipped; tickets have been sent out to them, as well.

Any customers included in a GMT timezone update group will instead be updated tomorrow at 3PM.  If this doesn't happen for you, but should, let us know.  We can change your update group.

2003 servers will not be affected, as there was not a patch for them ( through windows updates or otherwise ).  This is typical on EOL systems like 2003 hosts, but not always the case, so it bears repeating.


Impact of Work:
All affected hosts will be rebooted automatically / ASAP to propagate fixes, starting at 11PM MDT on Monday the 23rd.

Internal systems (such as the management portal) may be temporarily impacted in the time it takes to reboot them.

Hypervisors in a failover cluster will have rolling reboots done via CAU, in order to eliminate VPS downtime on said clusters.



Please contact us with any questions / comments / concerns.