[Completion] Emergency Security Patching for Fully-Managed Windows 2012+ servers - August 20, 2020
Posted by Michael Lederhos on 20 August 2020 09:54 PM
Completion (Sun 23 Aug 2020 10:08:10 PM MDT)
All updates to production non-cluster servers that did not require a separate maintenance window are complete.
Update 3 (Sat 22 Aug 2020 21:30:24 PM MDT)
After 10 PM MDT tonight we will be continuing with updates, including updates to some standalone hypervisors. We will be monitoring and ensuring that servers come back up after the reboots.
Update 2 (Fri 21 Aug 2020 00:35:56 PM MDT)
Automatic reboots of hosts in the discussed scope have completed for tonight and all servers have come back up. We will proceed with additional updates tomorrow evening after 10 PM MDT.
Update 1 (Thu 20 Aug 2020 10:24:16 PM MDT):
Automatic reboots of hosts in the discussed scope have begun, and will be occurring over the next hour. We will monitor servers to ensure they come back up without incident.
Purpose of Work:
Two privilege elevation vulnerabilities (CVE-2020-1530 and CVE-2020-1537) affect all supported versions of Windows Server so far. These vulnerabilities exist when Windows Remote Access improperly handles memory or file operations. Exploitation requires an attacker to have execution capabilities on the victim system. Systems hosting websites or with web-accessible services are particularly vulnerable.
Because these vulnerabilities allow privilege escalation and the attack surface is wide, we will be patching and rebooting all affected, fully-managed hosts overnight.
Standalone hypervisors are a general exception to this. Customer-owned Windows hypervisors (HVs) that host unmanaged VMs but also run Windows 2012+ should have their maintenance scheduled with us separately.
Customers with their own update infrastructure will also be scheduled separately.
You can read more about the vulnerabilities (and the patches mitigating them) here:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1530
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1537
We will update you as maintenance begins.
Impact of Work:
All affected hosts will be rebooted automatically, as soon as possible, to propagate fixes, starting at 10:10 PM MDT on Thursday the 20th.
Internal systems on Windows 2012 and up (such as the management portal) may be temporarily impacted in the time it takes to reboot them.
Hypervisors in a failover cluster will have rolling reboots done, in order to eliminate VPS downtime on said clusters.
Any hosts not on our fully-managed domain (usually because they have their own domain) will not be impacted; the controlling organizations will be notified separately.
Please contact us with any questions / comments / concerns.