RSS Feed
Latest Updates
Jan
8
Critical Updates on Fully Managed Servers
Posted by Tyler Molamphy on 08 January 2018 10:33 AM
Hello Handy Networks News subscriber,

As you may be aware, a number of serious vulnerabilities have been disclosed that affect a wide set of CPU architectures. The good news is that so far there have been no reports of this being exploited in the wild. However, because a working proof of concept exists, it is only a matter of time before an exploit is developed using these concepts.

Be advised that all Self Managed servers should be updated ASAP, regardless of Operating System. All Windows servers should install the January 2018 Windows security update and be rebooted to apply. All Linux servers should be fully updated by the package manager and rebooted to apply the new kernel, if kpslice or similar is not available. If your Self Managed Windows server is using our WSUS server for updates, the patch will be pushed to your host at approximately 8PM tonight (20:00 01/08/17 Mountain Time).

All Fully Managed Windows servers will be patched and rebooted at their normally-scheduled weekly Windows Update period. All Fully Managed Linux servers are being patched now, and will be rebooted to apply updates at midnight tonight (00:00 01/09/17 Mountain Time). Please open a ticket with us at support@handynetworks.com if you would like to schedule a reboot at a different time.


https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
https://access.redhat.com/security/vulnerabilities/speculativeexecution

Read more »



Dec
20
Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites
Posted by Anthony Kolka on 20 December 2017 09:00 AM
Hello Handy Networks Support news subscriber,

 With the amount of WordPress sites living on our network we felt that everyone should be aware of a Captcha plugin by  

 https://thehackernews.com/2017/12/wordpress-security-plugin.html 

If you or any of your clients are using this plugin in a wordpress site it needs to be removed immediately.
Read more »



Dec
13
Network Maintenance (Update)
Posted by Pete Carstensen on 13 December 2017 09:59 AM
Update: 9:50PM - This maintenance is complete.  Thank you for your patience and apologies for the inconvenience

Date:  Dec 13, 2017
Time: 9:30PM - 10:00PM (Mountain Time)

Purpose of Work:
We will be replacing our Juniper Router designated sw1-g3 due to filesystem inconsistencies on the router operating system. Customers connected to this router can expect a period of network interruption lasting 15-30 minutes
Read more »



Oct
18
Date: October 18, 2017
Time:
10:00PM - 11:00PM Mountain Time

Purpose of Work:
The current firmware running on our Nimble storage arrays is susceptible to an unplanned service restart at increments of 208.5 days of system uptime. We will be upgrading the installed firmware to the most recent version in order to address the matter before the next interval. We will be updating both Denver Tech Center systems as well as our DR site in Phoenix, AZ

Impact of Work:
The primary impact is a temporary loss of redundancy.  The Nimble storage array is a dual controller system. The upgrade procedure involves installing the updated firmware on the 'offline' side of the controller, followed by a deliberate transfer to the updated controller. We will then update the now 'offline' controller and the system as a whole will be returned to a normal redundant mode of operation. The entire process is expected to be transparent to all users.

Update: 
This firmware upgrade has been completed without incident.
Read more »



Sep
14
Critical Updates on Fully managed servers
Posted by Anthony Kolka on 14 September 2017 10:36 PM
2017-09-14

  
Microsoft has released multiple patches for security vulnerabilities and 0 day exploits in multiple products. Most notable is the .Net framework.

http://thehackernews.com/2017/09/windows-zero-day-spyware.html

As a result we have changed all automatic update schedules for fully managed hosts to update tonight at 2:00 AM MDT.

We strongly encourage everyone not using our WSUS server to update their systems as well. Please usage your windows clients to update their systems.
Read more »