Vol. 19, #41 - October 13, 2014 - Issue #1001
Shellshock for Windows admins
- Editor's Corner
- From the Mailbag
- Shellshock for Windows admins
- Tip of the Week - Replacing the Windows Time Service
- Recommended for Learning
- Microsoft Virtual Academy
- Quote of the Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Events Calendar
- Webcast Calendar
- Register for Webcasts
- Tech Briefing
- Cloud computing
- Enterprise IT
- Windows PowerShell
- Recommended TechGenix Articles
- Recommended articles from websites in TechGenix Network
- Windows Server News
- How to go pro as a desirable cloud admin
- Skills to learn today to keep pace with tomorrow’s jobs
- Fast guide to VDI user profile management tools
- Virtualizing vCenter is a better move than you expect
- WServerNews FAVE Links
- Wild Kangaroo Street Fight In Australia
- Danny Macaskill: Mountain Biking Over The Ridge
- This Girl Can Sing Two Notes At The Same Time
- Cat Bank
- WServerNews - Product of the Week
- LinkFixer Advanced - Data Migration Should Not Equal Data Loss
- SAVE THIS NEWSLETTER so you can refer back to it later for helpful tips, tools and resources!
- FORWARD THIS NEWSLETTER to a colleague who you think might find it useful!
- SEND YOUR FEEDBACK to [email protected] if you have any comments or suggestions!
This week's newsletter is all about Shellshock (the "BASH bug") and how it can affect Windows-based environments. Although Shellshock is primarily a UNIX/Linux problem, administrators of Windows Servers shouldn't just write it off as "not my problem" as it can indirectly impact them as we'll describe in this issue. But please understand that when I said Shellshock is "primarily a UNIX/Linux problem" I was in no sense trying to BASH that platform. I'm actually a sensitive kind of guy and would NEVER bash anyone...unless of course they deserved it as this Dilbert comic strip illustrates:
From the Mailbag
Back in Issue #999 When Microsoft calls YOU, we talked about a scam going around where someone who says they're from Microsoft Support tells you your computer has been infected with malware and you need to follow their instructions and/or pay money immediately or the FBI or RCMP or Interpol or whatever will soon be pounding on your door. Our Issue #1000 included some feedback from readers who had been targeted by this scam, and some of their responses were hilarious. Here's a bit more reader feedback on this topic. First we'll hear from Kurt, an IS Technical Services Consultant based in Madison, Wisconsin, USA:
My daughter's boyfriend came up with a creative and hilarious response. He took the call, but behaved as though he was mistaking a microwave oven for a computer. The scammer kept trying to get him to simply press the Control key. "Ok, I'm standing in front of the computer, should I open the door now?"…"My keyboard doesn't have letters, just numbers"…[asked to press the Control key, says he is pushing the button but nothing is happening, asked to read back what it says on the key].."it says, [long pauses between letters] D … E … F ... R … O … S … T… … not that one?" Eventually, but after quite a bit of this, the 'support tech' hung up on him, which he counted as a triumph.
Our next response was from a reader named Graham:
Interested to read about the Windows support scam you have reported on. This is an old problem in the U.K., I've been getting these calls on and off for well over a year. I've had so many that I have developed a range of responses. Some are not printable, but others include:
- Playing along and asking lots of stupid questions.
- Asking one stupid question followed by a really technical one. This really confuses them. I had the caller pass me to their supervisor, at which point I dropped the stupid questions and just concentrated on asking awkward technical ones. Eventually he passed me onto his supervisor. I am quite proud of reaching level 3 on this call.
- Try and fail to follow their instructions before casually mentioning that you are on a Linux machine.
- Asking them to wait while you turn on your PC and then just leaving the phone to rack up their call charges.
I can also answer the question posed [by a reader named Lyle in the Mailbag section of Issue #1000] about their supposed knowledge of the Microsoft license number. What they do is tell you to type assoc on a command line which displays a list of file associations and then they tell you that the entry against .zfsendtotarget is your license number. It isn't.
This ZFSENDTOTARGET scam has been making the rounds for some time now, see here:
It seems this whole "This is Microsoft Support calling" scam has been happening for a few years in the UK but is now spreading across North America. Is it happening in mainland European countries? We'd love to hear from our readers there if they've experienced something similar.
Next, our Tip of the Week in Issue #1000 was "How to become a good troubleshooter" and a reader named Leonardo commented about this as follows:
My best advice to anyone troubleshooting anything is "don't be afraid to ask for help". If you are stuck, ask someone. Four eyes are better than two.
Another tip, "Don't ask the same questions twice. Write it down." We used to charge each other $1 at my job if we asked the same question twice. It worked.
Thanks for those two tips.
Lastly, our Tip of the Week in Issue #999 When Microsoft calls YOU was "Don't throw away those Windows 7 OEM restore disks" and several readers sent us questions concerning this. Stuart from the UK said:
With regard to reimaging those corrupted Windows 7 devices. I think that the following page tells you that you can use VL media:
What do you think?
Actually the page says you can reimage OEM systems using VL media under "certain conditions" that are spelled out in the Reimaging.pdf document you can download on that page. Specifically, you can do this "only if they are the same product and version, contain the same components, and are in the same language." For example, if your OEM PC came with Windows 7 Professional pre-installed then you can't re-image it with Windows 7 Enterprise VL media. At least that's my understanding of the language here, but IANAL so talk to your OEM vendor or Microsoft TAM to be sure you're legal. Our thanks to Stuart and a couple of other readers for clarifying this matter.
And now on to this week's main topic...
Shellshock for Windows admins
Shellshock is bad. CNET calls it "Bigger than Heartbleed":
Business Insider reported that Romanian hackers allegedly used the Shellshock bug to hack Yahoo's servers:
However ZDNet now reports that Yahoo confirms their servers were infected but not by ShellShock:
But if Shellshock is a Linux/UNIX vulnerability, should Windows Server admins be concerned about it?
Unfortunately, the answer is yes.
The big picture
The best article I've found so far that describes why Windows Server admins should worry about Shellshock is this one by Troy Hunt, a Software Architect and Microsoft MVP for Developer Security based in Sydney, Australia:
In the section titled "All our things are on the Microsoft stack, are we at risk?" in his blog post above, Troy points out that "just because you operate in a predominantly Microsoft-centric environment doesn't mean that you don't have Bash running on machines servicing other discrete purposes within that environment." You may have Microsoft IIS web servers as the front end of your multi-tier web application, but before incoming traffic reaches your web servers it typically has to pass through firewalls, proxies, IDSs, and other networking components. If any of these appliances are Linux/UNIX-based they may be susceptible to compromise using Shellshock. And if one component of your infrastructure is compromised, your whole infrastructure may be compromised.
UNIX on Windows
Then there's the matter of Windows systems that have UNIX-like environments installed on them. A popular example of this is Cygwin, a collection of GNU and Open Source tools that provide functionality similar to a Linux distribution on Windows computers:
A reader named Mark who is a Technical Architect in the UK brought this to our attention by sending us the following question for the Ask Our Readers section of our newsletter:
If you're covering Shellshock in the next edition, Cygwin is vulnerable. It doesn't appear to really have an unattended install (there doesn't really appear to be an upgrade path either). Anyone's experiences of patching it (it may only be the bash component which potentially would be easy, however the servers we have it in are in scope for PCI so we may need to do a full upgrade anyway) would be gratefully received. Most examples on the web appear to be a manual update but we've around 200 servers running it which would be a tad laborious.
Does anyone have a suggestion on how Mark might automate patching Cygwin on his servers? Email us at [email protected]
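Before any patching can be automated across a couple of hundred servers, it helps to know which ones still carry a vulnerable bash. The script below is an added example, not part of the original newsletter and not from the Cygwin project: it hands each bash binary a harmless function-style environment variable and reports whether the trailing command ran. The function names `check_bash` and `scan_bash` and the default path list (common Unix locations plus the default Cygwin install roots as seen from inside Cygwin) are assumptions.

```shell
#!/bin/sh
# Added example: report bash binaries that still execute a command trailing a
# function definition imported from the environment (the Shellshock behaviour).

# Canary text; it appears in the output only if the tested shell runs it.
CANARY="SHELLSHOCK_CANARY_$$"

# check_bash PATH: prints "vulnerable", "not-vulnerable", "missing" or "error".
# Exit status: 0 not vulnerable, 1 vulnerable, 2 could not be tested.
check_bash() (
    bin=$1
    [ -x "$bin" ] || { echo "missing"; exit 2; }
    # env -i gives the probe a clean environment; the payload is only an echo.
    out=$(env -i probe="() { :;}; echo $CANARY" "$bin" -c 'echo probe-done' 2>/dev/null) || :
    case $out in
        *"$CANARY"*)  echo "vulnerable";     exit 1 ;;
        *probe-done*) echo "not-vulnerable"; exit 0 ;;
        *)            echo "error";          exit 2 ;;  # did not act like a shell
    esac
)

# scan_bash [PATH...]: one "status<TAB>path" line per candidate that exists.
# Returns 1 if any candidate is vulnerable. The default list is an assumption:
# common Unix locations plus the default Cygwin roots seen from inside Cygwin.
scan_bash() (
    rc=0
    [ $# -gt 0 ] || set -- /bin/bash /usr/bin/bash /usr/local/bin/bash \
        /cygdrive/c/cygwin/bin/bash.exe /cygdrive/c/cygwin64/bin/bash.exe
    for bin in "$@"; do
        [ -e "$bin" ] || continue
        st=$(check_bash "$bin") || :
        printf '%s\t%s\n' "$st" "$bin"
        [ "$st" = "vulnerable" ] && rc=1
    done
    exit "$rc"
)

# Stand-alone run: scan the default locations and warn if anything is flagged.
scan_bash || echo "WARNING: at least one bash binary needs updating" >&2
```

Run it inside each Cygwin install, or pass it an explicit list of paths, and collect the output centrally; a non-zero exit status marks a host that still needs an updated bash package.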
Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]
Shellshock doesn't only impact Windows admins of large enterprises running multi-tier web applications; it can also endanger small businesses running off-the-shelf network appliances like NAS boxes. One of my colleagues drew my attention to the following security alert on the Synology website:
Windows Command Prompt
ThreatPost just reported today that "The Security Factory, a Belgian security company, reported discovering a command injection vulnerability for Windows command-line shells that takes advantage of environment variables in a similar fashion to Bash exploits":
Yikes! Where will all this end?
If you're aware of any other vectors by which Shellshock (or Shellshock-like vulnerabilities) can impact Windows Server-based infrastructures, or any other UNIX-on-Windows products like Cygwin that might be affected, or any other popular network appliances that may be vulnerable, let us know and we'll alert readers in the Mailbag section of upcoming issues of this newsletter. Send us your observations at [email protected]
Tip of the Week - Replacing the Windows Time Service
This week's tip was submitted by Geoff Bannoff who manages IT for Frontier Power, a business in Delta, BC, Canada:
I've been managing Windows Servers since the NT days. Windows Time Service never quite worked right. I've spent many, many hours over the years trying to get it working reliably. The command line syntax is awkward, and even if it's set up perfectly, it might suddenly decide to stop working. So our DCs get out of sync which causes authentication problems.
I found a great freeware program that handles setting up and monitoring of Windows Time Service. No more w32tm commands:
After running it for a couple of weeks, I could see how flakey Microsoft's built-in Windows Time Service is. These guys also sell a replacement, Domain Time II Client for $20/server. This does everything that Windows Time Service ought to do. You might not want to talk about a paid-for product, but their freeware piece solves a lot of headaches and deserves a wider audience.
I went ahead and splurged, spending 5 x $20 for Greyware's Domain Time II product--one copy for each domain controller. It's been running perfectly, doing what Microsoft's w32tm.exe was supposed to be doing but, alas, never quite did. Finding a reliable cure for a decades-long problem is quite a relief.
GOT TIPS you'd like to share with other readers? Email us at [email protected]
This week we have some new books for those of you who also have to manage Linux systems in your IT environment:
Linux with Operating System Concepts
Kali Linux Cookbook
How Linux Works: What Every Superuser Should Know
Linux Shell Scripting Cookbook, 2nd Edition
And just in case you still trust using BASH:
Command Line Kung Fu: Bash Scripting Tricks, Linux Shell Programming Tips, and Bash One-liners
Microsoft Virtual Academy
Some announcements from the Microsoft Virtual Academy:
October 14: Setting Up Your Dev Environment for Office 365
Developers, get detailed steps on what you need to get started with Office 365 development. Prepare for Exam 70-488, and get the details on SharePoint Server 2013 on-premises, stand-alone, and hybrid. Don’t miss “Setting Up Your Dev Environment for Office 365,” a Jump Start training with live Q&A, on October 14. Register today!
October 15: Deep Dive into the Office 365 app Model
Want a deep dive into building business solutions that live within the UI of SharePoint, Outlook, Word, PowerPoint, and Excel? Be sure to join this Jump Start training with live Q&A, “Deep Dive into the Office 365 App Model,” on October 15. This course builds on the popular fundamentals course. Register today!
Quote of the Week
"Action films are an extension of Greek myths which have been around since Homer's "The Iliad". Everybody's life has some mythical quality. You struggle against obstacles, you fight to get to a higher level and there are great loves. With an action film it's just more apparent. That's why people will always love action movies.." --Dolph Lundgren
Until next week,
Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at [email protected] and we’ll try to troubleshoot things from our end.
Concerned about data loss during a data migration? “LinkFixer Advanced” is a software tool that fixes broken links in most file types, preventing data loss. Get your free trial version today!
Veeam Task Manager for Hyper-V provides live performance monitoring metrics for CPU and memory for both host and guest VMs. Get it for free!
Is managing users and computers on Active Directory too cumbersome? Download SolarWinds terrific trio of Active Directory Admin Tools today & start saving time on Active Directory management tasks.
Check out this local admin password management solution on CodePlex. It works using GPO and custom Client-Side GPO Extension:
TreeSize Professional is a powerful and flexible hard disk space manager for Windows:
Microsoft SQL Server PASS Summit 2014 on November 4-7, 2014 in Seattle, Washington, USA
Convergence 2014 on March 16-19 in Atlanta, Georgia, USA
Microsoft will be hosting an inaugural, unified Microsoft commercial technology conference the week of May 4, 2015 in Chicago, Illinois, USA
TechEd Europe on October 27-31, 2014 in Barcelona, Spain
Convergence 2014 Europe on November 4-6, 2014 in Barcelona, Spain
Add your event
PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 95,000 subscribers about? Contact [email protected]
Register for Webcasts
Add your Webcast
PLANNING A WEBCAST you'd like to tell our subscribers about? Contact [email protected]
Azure Virtual Networks and Cloud Services (Part 3): Communications Scenarios (CloudComputingAdmin.com)
Are IT Standards Still Relevant in a Cloud Dominated World? (The Citrix Blog)
Back to Basics: Groups vs. Organizational Units in Active Directory (WindowSecurity.com)
Active Directory Migration Considerations (Part 1) (WindowsNetworking.com)
Hyper-V Page File Considerations (VirtualizationAdmin.com)
Taking a Fresh Look at Hyper-V Clusters (Part 3) (VirtualizationAdmin.com)
Working with the Desired State Configuration Feature (Part 2) (WindowsNetworking.com)
WinRM 3.0: Manage Windows Server 2008 R2 remotely with Server Manager and PowerShell (4sysops)
How to go pro as a desirable cloud admin
The field of cloud computing is rapidly expanding, opening the door for new cloud careers and increasing the demand for cloud experts. Learn and master the skills hiring managers are seeking so you can make yourself the most qualified person for the job.
Skills to learn today to keep pace with tomorrow’s jobs
Today, most organizations have virtualized over half of their production workloads, making it clear that server virtualization is becoming a mainstream technology. As a result, there’s an increased need for virtualization expertise in enterprise IT. Learn how to stay ahead of industry trends and hone your skills for the next generation of virtualization jobs.
Fast guide to VDI user profile management tools
While you can use virtualization techniques and tools to improve your application deployment and management, third-party profile management tools have been found to offer more features and reduce storage needs. In this expert buyer’s guide, get an inside look at several popular tools and learn how they can help you reduce storage space for profiles as your user base increases.
Virtualizing vCenter is a better move than you expect
Right now, there is a great debate brewing about whether you should keep vCenter on a host, or run it virtualized – and experts from around the world are weighing in. Get some of your most pressing questions answered by industry veterans, and discover common misconceptions surrounding the case for virtualization.
This Week's Links We Like. Tips, Hints And Fun Stuff
GOT FUN VIDEOS or other fun links you'd like to recommend? Email us at [email protected]
Wild Kangaroo Street Fight In Australia
Two wild kangaroos are trying to settle an argument on a suburban street in New South Wales, Australia:
Danny Macaskill: Mountain Biking Over The Ridge
Danny impresses us yet again with his amazing bike skills, riding along the notorious Cuillin Ridgeline on the Isle of Skye in Scotland:
This Girl Can Sing Two Notes At The Same Time
Overtone singing is a voice technique where one person sings two notes at the same time:
Cat Bank
Gi-Sang Lee from Korea and his live-action cat bank deposit box:
WServerNews - Editors
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.