Windows is one of the most popular operating systems around and, as it’s a Microsoft product, you would like to think it’s safe. But this isn’t quite true.

As part of their January 2022 ‘Patch Tuesday’ report, Microsoft announced that 97 new security vulnerabilities had been discovered across its range of operating systems. And with an estimated 1 billion Windows PCs in use across the globe, this is very concerning. Any operating system, of course, is a highly complex piece of software. The sheer amount of coding required, to deliver high quality functionality, means that mistakes are inevitable. And then there are the hackers, individuals who are determined to find new and innovative ways to breach Windows.

What Were the Vulnerabilities?

Nine of the reported vulnerabilities were classed as critical by Microsoft, with the remaining 88 being classed as significant threats. Technical details are yet to be released, but it’s known that some of the critical vulnerabilities were associated with Microsoft Exchange Servers and the HTTP Protocol Stack. In particular, the HTTP Protocol Stack vulnerability is one which would allow remote code execution, i.e. a hacker taking control of an affected PC from a remote connection.

Six of the vulnerabilities discovered have also been categorized as zero-day vulnerabilities. These affect a range of Windows background processes and, as they are classed as zero-day, it’s believed that they were known to hackers before Microsoft’s announcement. Collectively, the 97 vulnerabilities are believed to have impacted the security of major Microsoft applications including Excel, Word, Edge, Windows Defender and all manner of network tools. As a result, it’s believed that users of Windows 7, Windows 8, Windows 10, Windows 11, Windows Server 2019 and even Windows Server 2022 are all at risk.

How Can Windows Users Stay Safe?

Naturally, any user of Windows is likely to be very concerned after reading the above. But the good news is that Microsoft’s January 2022 patch addresses all of these vulnerabilities. Installing it, therefore, should be the number one priority for any PCs running Windows. And that will be nearly all of them. Unfortunately, for those running Windows Server 2019 and Server 2022, this patch was withdrawn due to bugs it was generating in these environments. Users of these operating systems should remain extra vigilant and ensure that automatic Windows updates are in place.

Final Thoughts

The last few months have been relatively poor for Microsoft when it comes to patching vulnerabilities. In September 2021, it was revealed that their patch for the ‘PrintNightmare’ flaw contained bugs which negatively affected numerous printers. And, now, it appears to be history repeating itself with Windows Server users left vulnerable to both security risks and buggy updates. These issues will, no doubt, be rectified quickly but, as ever, time is of the essence when it comes to PC security. Ultimately, installing each and every security update remains the very best practice for protecting your IT devices.

For more ways to secure and optimize your business technology, contact your local IT professionals.


With Windows Server 2003 end of life fast approaching, find out why it’s essential to migrate systems sooner rather than later to avoid problems.

The official date for Microsoft to end their support for Server 2003 is July 14 2015. We’ll outline here why businesses ought to update their systems in a timely manner to prevent difficulties and disruption to business operations.

End of Life Impact on Business

For businesses running Windows Server 2003, it’s important to consider the fact that Microsoft will stop releasing security updates and patches, leaving systems open to vulnerability on a network.

High priority should be given to a migration strategy as soon as possible, to protect the IT infrastructure from attack through what will soon be unpatched vulnerabilities.

Another significant consideration is third party vendors also ending their support of their programs running on Windows Server 2003. Resources and efforts to continue to support the soon-to-be legacy operating system will be reduced to focus on supporting newer OS builds.

Why Migrate?

Now is the time to migrate all Server 2003 machines to be sure that:

  • Any new vulnerability can be patched and updated to help lock down security.
  • All crucial applications can continue to be supported by vendors.
  • A newer operating system will also help improve performance.
  • You receive faster response times to any given issue, as well as access to quick fixes.
  • You comply with HIPAA regulations, as section 164.308 (a)(1)(ii)(B) states that such security measures need to be in place to lower the risk of vulnerabilities to a manageable degree.
  • You comply with PCI section 6.1, which reiterates the same safety measures as HIPAA, requiring all businesses to protect their systems from vulnerabilities by applying updated patches from the vendor.

If a large majority of servers in a data center run Server 2003 past Microsoft’s end of support period, this will infringe both HIPAA and PCI regulations, especially for those businesses covered under them.

Windows Server 32-bit Issues

Another known problem to consider is a design flaw of the memory pool for Server 2003 32-bit systems when running newer third party applications.

Any third-party applications running on this particular version of Server 2003 are known to take up paged pool and non-paged pool memory. The problem arises from these newer applications depleting both paged pool and non-paged pool on the already limited Server 2003 32-bit systems.

This particular problem originates in the boot.ini file, which specifies a 3GB limitation option. This setting causes memory to be allocated first to a program running on the server, causing the paged pool or non-paged pool memory to diminish. Many newer programs require a larger amount of memory to be “pooled”, causing the server to lock up. This usually leads to a server crash.
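
An added example, not from the original article: a Python check that reads a boot.ini collected from a 32-bit Server 2003 host and reports boot entries carrying the /3GB switch, which shrinks kernel address space (and with it the paged and non-paged pools) from 2 GB to 1 GB. The sample file is constructed, and the /USERVA tuning switch it also reports is not mentioned in the article.

```python
import re

# Constructed sample boot.ini for a 32-bit Server 2003 host (not from the article).
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Enterprise" /fastdetect /3GB /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003 (test)" /fastdetect /USERVA=2900 /3gb
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Windows Server 2003, Standard" /fastdetect
"""

# ARC path, quoted menu label, then space-separated /switches.
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<label>[^"]*)"(?P<switches>.*)$')

def audit_boot_ini(text):
    """Return one finding per [operating systems] entry that carries /3GB."""
    default, section, hits = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "boot loader" and line.lower().startswith("default="):
            default = line.split("=", 1)[1].strip().lower()
        elif section == "operating systems":
            m = ENTRY_RE.match(line)
            if not m:
                continue
            switches = {}
            for tok in m.group("switches").split():
                if tok.startswith("/"):  # switches are case-insensitive
                    name, _, value = tok[1:].partition("=")
                    switches[name.upper()] = value or None
            if "3GB" in switches:
                hits.append({"path": m.group("path").strip(), "label": m.group("label"),
                             "userva": switches.get("USERVA")})
    # Only the default entry is used on an unattended boot, so mark it.
    for h in hits:
        h["is_default"] = h["path"].lower() == default
    return hits

if __name__ == "__main__":
    for h in audit_boot_ini(SAMPLE_BOOT_INI):
        print(f'/3GB set: {h["label"]} default={h["is_default"]} userva={h["userva"]}')
```
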

Final thoughts

We suggest planning a migration to Server 2012 R2 or Server 2008 R2, assuming your business operations really need a dedicated server. It can take some time to approve any change requests and to plan a migration within an organization, so it’s best to start now to ensure the least amount of disruption to business operations.

For more ways to securely migrate your old systems, contact your local IT professionals.