News
Jul
14
End of Maintenance, 2:37am:
All fully-managed hosts that do not have special scheduling requirements are either updated, or well on their way to being updated.  We will reach out to clients with special scheduling requirements, and audit all hosts that were automatically updated tonight to confirm patching compliance.  The bulk of the remaining automatic reboots should be finished within 30 minutes.


Update, 12:05am:
Updates have been deadlined, and servers meeting the previously outlined criteria will begin to reboot shortly.  We will monitor all servers to ensure they come back up normally, and install the update properly.



Purpose of Work:
A remote code execution vulnerability (CVE-2020-1350) affects all versions of the DNS Server role in all versions of Windows Server so far.  This vulnerability is wormable, and would run under the system context, giving any attackers full control of an affected DNS host.

Due to the ability of this vulnerability to quickly spread through and take control of any hosts running the DNS Server service on a network, we will be patching and rebooting all affected, fully-managed hosts overnight.  

Standalone hypervisors would be a general exception to this, and customer-owned Windows HVs that host unmanaged VMs but also run a DNS server should have their maintenance scheduled with us separately.

Customers with their own update infrastructure will also be scheduled separately.


You can read more about the exploit (and patches mitigating it), here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

We will update you as maintenance begins.


Impact of Work:
All affected hosts will be rebooted automatically / ASAP to propagate fixes, starting at 10:30PM MDT on Tuesday the 14th.

Internal systems on Windows 2008 and up (such as the management portal) may be temporarily impacted in the time it takes to reboot them.

Hypervisors in a failover cluster will have rolling reboots done, in order to eliminate VPS downtime on said clusters.

Any hosts not on our fully-managed domain (usually because they have their own domain) will not be impacted; the controlling organizations will be notified separately.


Please contact us with any questions / comments / concerns.




Jun
26
cPanel users, please read - cPanel-Security Notice TSR-2020-0003
Posted by Anthony Kolka on 26 June 2020 10:16 AM

Tickets from several clients have made us aware of a phishing scam.
Several clients are receiving an email that appears to be from cPanel with the subject "cPanel-Security Notice TSR-2020-0003"; this advisory was originally sent out in May.
The email making its rounds now contains a large orange button that says "Update your cPanel & WHM Installations". This link takes you to a Chinese phishing site where they attempt to obtain your cPanel credentials.
Please do not click that link, and remember to be wary of and check the destination of any links or buttons you receive in emails.





Jun
5
myLittleAdmin vulnerability on Plesk with MSSQL
Posted by Anthony Kolka on 05 June 2020 09:56 AM

The DB GUI access software myLittleAdmin that is installed along with MSSQL on Plesk installations has been found to have a severe remote access and rights escalation vulnerability.

Plesk recommends uninstalling myLittleAdmin completely. We are in the process of performing this action for all fully managed clients using Plesk.

https://support.plesk.com/hc/en-us/articles/360013996240
https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/





Jan
14

Update: Wed Jan 15 00:37:28 MST 2020 

While the maintenance event was kicked off at 9PM as planned, recent changes to Windows Server 2019 (and certain 2016 builds) seem to have reduced our ability to force servers to check for updates when on a domain.

Most of the servers we planned to apply this update to tonight have automatically rebooted by now, and will continue to over the course of the night.

We will be checking in tomorrow to see if any are pending, and will continue to update servers overnight as needed.

Hypervisors and clients with their own WSUS environments (with servers that would be impacted by this vulnerability) will still be scheduled separately.



Purpose of Work:
A spoofing vulnerability (CVE-2020-0601) affecting the Cryptography API in servers running Windows Server 2016 / Windows 10 or newer has been discovered.  Said exploit allows attackers to spoof valid code-signing of arbitrary executables, allowing any malware to evade detection by typical means and bypass built-in protections by masquerading as legitimate programs, and allowing attackers to MITM encrypted connections far more easily by impersonating legitimate services.

Due to the ability of this vulnerability to subvert trusted services and exacerbate any future RCE vulnerabilities immensely, we will be patching and rebooting all affected, fully-managed hosts overnight.  

Standalone hypervisors would be a general exception to this, and customer-owned Windows HVs that host unmanaged VMs should have their maintenance scheduled with us, separately.

Customers with their own update infrastructure will also be scheduled separately.


You can read more about the exploit (and patches mitigating it), here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

The NSA has made a post here regarding this exploit: https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2056772/a-very-important-patch-tuesday/


We will update you as maintenance begins.

Impact of Work:
All affected hosts will be rebooted automatically / ASAP to propagate fixes, starting at 9PM MDT on Tuesday the 14th.

Internal systems on Windows 2016 and up (such as the management portal) may be temporarily impacted in the time it takes to reboot them.

Hypervisors in a failover cluster will have rolling reboots done, in order to eliminate VPS downtime on said clusters.

Any hosts not on our fully-managed domain (usually because they have their own domain) will not be impacted; the controlling organizations will be notified separately.


Please contact us with any questions / comments / concerns.





Dec
29
Limited Support availability, Dec 29 2019, 16:30-20:30 MDT
Posted by David Cunningham on 29 December 2019 01:54 PM
Our staff is attending a company event and support team responses may be delayed during this time, with troubleshooting limited except in response to emergency matters.  Remote monitoring for such issues will still be done as usual.


This event is scheduled to take place from 4:30-8:30PM tonight.  Operations should resume as normal around 8:30PM Denver time, more or less.

Thank you; we appreciate you and your understanding!



Nov
25
Limited hands on support at H5 overnight
Posted by Gina Coleman on 25 November 2019 08:53 PM
Hello,

Overnight staff is working remotely tonight due to the poor road conditions, as CDOT has advised avoiding travel.
During this time, non-emergency hands-on support (such as hardware upgrades or changeouts that do not involve a failing host) will be delayed until Tuesday afternoon.

Normal helpdesk support is not affected.
