GreenPages Blog

As an IT professional, you need to stay current on all things tech; with articles from industry experts and GreenPages' staff, you get the info you need to help your organization compete and succeed!

Patch Tuesday April 2021 Edition...Here We Go Again: More Exchange RCEs

By Randy Becker, VP & Principal Security Architect

Microsoft April 2021 Patch Tuesday brings us 4 critical on-premises Exchange RCE CVEs: 2 with a base CVSS Score of 9.8 out of 10 and no privileges required, 1 with a CVSS Score of 9, an adjacent attack vector, and low privileges required, and 1 with an 8.8 and low privileges required.

Microsoft’s Gentle Nudge Towards CSP

By Rob O'Shaughnessy, Director, Software Sales & Renewals

Enterprise Agreement 1000 User Minimum

In an effort to streamline consumption products such as Office 365 (O365), Microsoft 365 (M365), Dynamics 365 (D365) and Azure towards consumption-based licensing programs such as its Cloud Solution Provider (CSP) program, Microsoft is making changes to the qualification of their Enterprise Agreement. In January 2021, Microsoft increased the minimum requirement for Enterprise Agreements to 1000 users—a jump from 500 users. This means that customers with fewer than 1000 seats of O365, M365, or D365 will no longer be able to purchase their licensing on an Enterprise Agreement. In addition, Microsoft increased the qualification amount for Azure to $600,000 per year.

New Mac Mystery Malware “Silver Sparrow” & New VMware (RCE) in vCenter!

By Randy Becker, CISO & VP, Network and Security Consulting

There is a new form of malware (dubbed “Silver Sparrow” by Red Canary) that seems to be affecting Macs running Intel processors and Apple’s own M1 processors. It does not appear as though the malware has done anything nefarious, but as the saying goes, where there’s smoke there is often fire.

VMware has announced a Remote Code Execution (RCE) vulnerability in vCenter, CVE-2021-21972, with a CVSSv3 base score of 9.8. This one looks ripe for exploitation, as it is an RCE **AND** a 9.8. In addition to this, two others were found—all in the CVSSv3 range of 5.3-9.8.

The SolarWinds Saga Continues: Microsoft Estimates 1000 Developers Rewrote Code for the Attack

By Randy Becker, CISO & VP, Network and Security Consulting

SolarWinds, Solorigate, Sunburst, Teardrop, Sunspot, Raindrop… will it ever end? (Check out Microsoft’s deep dive for a comprehensive summary.) The breach was even the lead story on 60 Minutes, with Microsoft President Brad Smith and FireEye CEO Kevin Mandia interviewed.

As of Feb 9th Microsoft Enforces Secure RPC with Netlogon Secure Channel--What Does that Mean?

By Randy Becker, CISO & VP, Network and Security Consulting

On February 9th, Microsoft moved into the second phase of enforcement for CVE-2020-1472. This affects companies that are still using legacy unsupported Microsoft operating systems. Will Microsoft finally get closer to closing the vulnerability down? How many customers are affected by this?

Four Thoughts, Three Weeks In: Staying the Course During COVID-19

A Message from Jay Keating, SVP of Service Delivery & Managed Services, GreenPages

What Was Great in Windows '08 Now Needs an EOS Update

UPDATE 12/19

Windows 2008 and Windows 2008 R2 End of Service is fast approaching, as Microsoft will end support on January 14, 2020. If you have servers at risk of losing support, you still have time to take action. Microsoft is offering three years of Extended Security Updates at no charge if you migrate workloads into Azure. If you prefer to stay on-prem, upgrading to Windows 2019 Server is another option, or you can take a hybrid cloud approach. Regardless of your choice, GreenPages' team of experts is here to help you navigate the best solution for your needs and environment. We can right-size your Azure environment if you move to the cloud or assist in understanding what’s needed for licensing and support for on-prem. We’re here to help you make that decision and ensure you're covered for the future. Regardless of what investment you decide to make, GreenPages can help right-size you for the future and ensure your data continues to be protected. To have further conversations about Windows 2008 and 2008 R2 and SQL 2008 and 2008 R2, please connect with your Account Executive or reach out to us!

ORIGINAL POST 7/19

Back in 2008 I still had a faceplate for my car radio, Bleeding Love by Leona Lewis was crushing the pop charts, and organic bean sprouted bread was something you’d find in the pet food aisle. It’s also the year Microsoft released Windows 2008 and SQL 2008, leaving a lasting impression like a tune you can’t get out of your head. For Windows Server 2008, it was the first Windows edition that allowed you to license for virtualization. If you recall, there used to be an Enterprise Edition of Windows 2008 that allowed for 4 VMs, and if you needed 12 VMs you had to purchase 3 licenses. Datacenter provided unlimited VMs, and Standard edition covered both standalone and virtual machines. At the time Microsoft was really making us work to understand the minutiae of their licensing rules. Thank goodness Microsoft’s licensing has gotten a lot easier to understand (insert sarcasm).

Windows 2008 and 2008 R2 and SQL 2008 and 2008 R2 had a good run, and like all good things, including Leona Lewis’s career, it will be coming to an end. SQL 2008 and 2008 R2 End of Support (EOS) is July 9, 2019. Windows 2008 and 2008 R2 EOS is January 14, 2020. Once Microsoft products go EOS, Microsoft offers ZERO support for the product, meaning they’ll no longer provide updates and patching. Without support, the product is left vulnerable to security threats because no fixes will be available to prevent infiltration. Security updates are mission critical. In 2016, 4.2 billion records were stolen by hackers. Twenty percent of organizations lose customers during an attack and 30% of organizations lose revenue during an attack. Not fun!

It would be like if John Rambo retired and stopped drawing blood, which is a bad analogy because Rambo: Last Blood is being released in September. This begs the question: is this really the Last Blood? Probably not; however, you can be certain that Microsoft’s “Last Blood” is actually happening.

So what to do when your support goes away? Well, you’ll need to think about modernizing and, in this case, adopting cloud. It’s a good time to seize EOS as an opportunity to transform with Microsoft’s latest technologies. A jump to Azure will allow you to migrate your Windows 2008 and 2008 R2 workloads to Azure VM or Azure SQL Database. Customers who move 2008 and 2008 R2 workloads to Azure Virtual Machines (IaaS) “as-is” will have access to Extended Security Updates for both SQL Server and Windows Server 2008 and 2008 R2 for three years after the End of Support dates for free. Those that decide to move to Azure SQL Database Managed Instance (PaaS) will have access to continuous security updates, as this is a fully managed solution.

Or you could stay with on-premises licensing and upgrade to Windows 2019 or SQL Server 2017 by leveraging your Software Assurance benefits to modernize on-premises or on Azure (i.e. Azure Hybrid Benefit), to help reduce security risks and continue to get regular security updates.

Inside the CISO Role: Cyber Security Threats, Trends & Tactics

“Security is not a project. Security transcends technology…it never stops.” —Randy Becker, Vice President, Security Operations & Chief Information Security Officer

In this interview, Becker discusses the pivotal role of the modern CISO and the strategies that digital-era organizations are implementing to protect their businesses in an increasingly dangerous threat landscape.

Building a Next Gen Data Center to Leverage Public Cloud

Hear how GreenPages helped a retail management client modernize their current state infrastructure and design their target state public cloud environment to enable self-service, self-scaling, and self-provisioning.
