Monday, 20 April 2015

Critical Windows patch

Microsoft have released a new patch in response to a critical vulnerability in Windows. The flaw enables attackers to compromise the security of Windows servers using specially crafted web traffic.

If you are responsible for any Windows servers or desktops, please ensure they are patched as soon as possible. The patch and supporting documentation are available from
https://technet.microsoft.com/library/security/MS15-034

We are patching machines managed by us to make sure they aren't vulnerable. We'll also take care of patching virtual machines hosted by us in our VMware estate. We've taken the decision to do this patching out of hours so as not to cause any interruptions to service during the working day.

Windows servers that accept HTTP requests are vulnerable. Note that your server does not necessarily have to be running a website to be affected; for example, it could be a management system. Affected versions include Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.

If you want to know more about the vulnerability, here is a useful blog post from The Register: http://www.theregister.co.uk/2015/04/16/http_sys_exploit_wild_ms15_034/