fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New Windows Server Updates Cause DC Boot Loops, Break Hyper-V

New Windows Server Updates Cause DC Boot Loops, Break Hyper-V

The latest Windows Server updates are causing severe issues for administrators, with domain controllers having spontaneous reboots, Hyper-V not starting, and inaccessible ReFS volumes until the updates are rolled back

Yesterday, Microsoft released the Windows Server 2012 R2 KB5009624 update, the Windows Server 2019 KB5009557 update, and the Windows Server 2022 KB5009555 update as part of the January 2022 Patch Tuesday.

After installing these updates, administrators have been battling multiple issues that are only resolved after removing the updates.

Also Read: Cross Border Data Privacy- A Guide for Singapore Businesses

Windows domain controller boot loops

The most serious issue introduced by these updates is that Windows domain controllers enter a boot loop, with servers getting into an endless cycle of Windows starting and then rebooting after a few minutes.

As first reported by BornCity, this issue affects all supported Windows Server versions.

“Looks KB5009557 (2019) and KB5009555 (2022) are causing something to fail on domain controllers, which then keep rebooting every few minutes,” a user posted to Reddit.

A Windows Server administrator told BleepingComputer that they see the LSASS.exe process use all of the CPU on a server and then ultimately terminate.

As LSASS is a critical process required for Windows to operate correctly, the operating system will automatically restart when the process is terminated.

The following error will be logged to the event viewer when restarting due to a crashed LSASS process, as another user on Reddit shared.

“The process wininit.exe has initiated the restart of computer [computer_name] on behalf of user for the following reason: No title for this reason could be found Reason Code: 0x50006 Shutdown Type: restart Comment: The system process ‘C:\WINDOWS\system32\lsass.exe’ terminated unexpectedly with status code -1073741819. The system will now shut down and restart.”

Hyper-V no longer starts

In addition to the boot loops, BleepingComputer has been told by Windows administrators that after installing the patches, Hyper-V no longer starts on the server.

Also Read: How to Register Data Protection Officer (DPO) in ACRA Bizfile+

This bug primarily affects Windows Server 2012 R2 server, but other unverified reports say it affects newer versions of Windows Server.

As Hyper-V is not started, when attempting to launch a virtual machine, users will receive an error stating the following:

“Virtual machine xxx could not be started because the hypervisor is not running.”

Microsoft released security updates to fix four different Hyper-V vulnerabilities yesterday (CVE-2022-21901, CVE-2022-21900, CVE-2022-21905, and CVE-2022-21847), which are likely causing this issue.

ReFS file systems are no longer accessible

Finally, numerous admins are reporting that Windows Resilient File System (ReFS) volumes are no longer accessible or are seen as RAW (unformatted) after installing the updates.

The Resilient File System (ReFS) is a Microsoft proprietary file system that has been designed for high availability, data recovery, and high performance for very large storage volumes.

“Installed these updates tonight, in a two server Exchange 2016 CU22 DAG, running on Server 2012 R2. After a really long reboot, the server came back up with all the ReFS volumes as RAW,” explained a Microsoft Exchange administrator on Reddit.

“NTFS volumes attached were fine. I realize this is not exclusively an exchange question but it is impacting my ability to bring services for Exchange back online.”

Uninstalling the Windows Server updates made the ReFS volumes accessible again.

Yesterday, Microsoft fixed seven remote code execution vulnerabilities in ReFS, with one or more likely behind the inaccessible ReFS volumes.

These vulnerabilities are tracked as CVE-2022-21961, CVE-2022-21959, CVE-2022-21958, CVE-2022-21960, CVE-2022-21963, CVE-2022-21892, CVE-2022-21962, CVE-2022-21928.

How to fix?

Unfortunately, the only way to fix these issues is to uninstall the corresponding cumulative update for your Windows version.

Admins can do this by using one of the following commands:

Windows Server 2012 R2: wusa /uninstall /kb:KB5009624 
Windows Server 2019: wusa /uninstall /kb:KB5009557 
Windows Server 2022: wusa /uninstall /kb:KB5009555

As Microsoft bundles all security fixes into the single update, removing the cumulative update may fix the bugs, but will also remove all fixes for recently patched vulnerabilities.

Therefore, uninstalling these updates should only be done if absolutely necessary.

Not to be outdone by Windows Server, Windows 10 and Windows 11’s updates are also breaking L2TP VPN connections.

BleepingComputer has reached out to Microsoft for fixes on these issues but has not heard back at this time.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us