On Wednesday, July 15th we found out that many of our clients were impacted by 2 major Microsoft problems – a critical server vulnerability and a bad Microsoft update that led to Outlook crashing repeatedly. I will do my best to accurately, yet simply explain both. In case you’re interested in the more technical details, I will add links to more detailed posts at the bottom of this page.
A researcher from Check Point, a cyber-security company, discovered a vulnerability within Windows Server software and reported it to Microsoft. The vulnerability, named “SIGRed”, allows an unauthenticated, remote attacker to gain domain admin privileges over Windows DNS servers and take over an organization’s entire IT network. The vulnerability is wormable, meaning that the flaw could spread throughout an entire network within minutes without human interaction. It holds a severity score of 10 out of 10 on the Common Vulnerability Scoring System (CVSS) scale. Also of note is the fact that this flaw affects Windows Server versions 2003 to 2019, making the vulnerability 17 years old.
How does it work? The attacker sends an email to an employee. Within that email is a link. As soon as the employee clicks the link they have just granted the remote attacker unlimited access to the server. The video below shows just how quickly this happens.
Microsoft quickly released patches for servers and workstations on Tuesday evening. Once applied, the server and workstations were no longer vulnerable to this particular attack. Much of Tuesday evening and Wednesday morning was occupied by patching and rebooting.
During this process, we started getting calls from clients about an unrelated issue.
2: Outlook crashing:
Outlook would open for a second and then close itself immediately. A recent update to the Office software suite was causing Outlook to crash immediately after opening. Microsoft began tracking the issue around 9:20 AM EST on Wednesday, July 15th.
Users experiencing Outlook connection issues and crashes
EX218604, Exchange Online, Last updated: July 15, 2020 9:22 AM
Start time: July 15, 2020 9:18 AM
User Impact: Users may experience crashes or may be unable to access Exchange Online via Outlook.
Current status: We’re investigating a potential issue in which users may experience crashes or may be unable to access Exchange Online via Outlook. We’ll provide an update in 30 minutes.
Health status message from the O365 Admin Portal website on July 15, 2020
The IT community quickly found a workaround to the issue so that customers could get back to work, but ultimately the affected workstations required a re-install of the Office suite software after hours.
Wednesday, July 15th was a heck of a day involving patching and rebooting every server and computer at each of our clients’ sites. If you are not monitoring and regularly updating your computers and servers, you are susceptible to this and other attacks. Call us at 504-372-1372 to discuss our fully managed IT services, which include regular patches and updates on computers and servers.
As promised, here are the links to more details about each issue.