Vol. 19, #41 - October 13, 2014 - Issue #1001


Shellshock for Windows admins

  1. Editor's Corner
    • From the Mailbag
    • Shellshock for Windows admins
    • Tip of the Week - Replacing the Windows Time Service
    • Recommended for Learning
    • Microsoft Virtual Academy
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Events Calendar
    • Americas
    • Europe
  4. Webcast Calendar
    • Register for Webcasts
  5. Tech Briefing
    • Cloud computing
    • Enterprise IT
    • Hyper-V
    • Windows PowerShell
  6. Recommended TechGenix Articles
    • Recommended articles from websites in TechGenix Network
  7. Windows Server News
    • How to go pro as a desirable cloud admin
    • Skills to learn today to keep pace with tomorrow’s jobs
    • Fast guide to VDI user profile management tools
    • Virtualizing vCenter is a better move than you expect
  8. WServerNews FAVE Links
    • Wild Kangaroo Street Fight In Australia
    • Danny Macaskill: Mountain Biking Over The Ridge
    • This Girl Can Sing Two Notes At The Same Time
    • Cat Bank
  9. WServerNews - Product of the Week
    • LinkFixer Advanced - Data Migration Should Not Equal Data Loss

 


 

Editor's Corner

This week's newsletter is all about Shellshock (the "BASH bug") and how it can affect Windows-based environments. Although Shellshock is primarily a UNIX/Linux problem, administrators of Windows Servers shouldn't just write it off as "not my problem," because it can indirectly impact them, as we'll describe in this issue. But please understand that when I said Shellshock is "primarily a UNIX/Linux problem" I was in no sense trying to BASH that platform. I'm actually a sensitive kind of guy and would NEVER bash anyone...unless of course they deserved it, as this Dilbert comic strip illustrates:
http://www.wservernews.com/go/1412859890314

From the Mailbag

Back in Issue #999, When Microsoft calls YOU, we talked about a scam going around in which someone who says they're from Microsoft Support tells you your computer has been infected with malware and that you need to follow their instructions and/or pay money immediately or the FBI or RCMP or Interpol or whatever will soon be pounding on your door. Our Issue #1000 included some feedback from readers who had been targeted by this scam, and some of their responses were hilarious. Here's a bit more reader feedback on this topic. First we'll hear from Kurt, an IS Technical Services Consultant based in Madison, Wisconsin, USA:

My daughter's boyfriend came up with a creative and hilarious response. He took the call, but behaved as though he was mistaking a microwave oven for a computer. The scammer kept trying to get him to simply press the Control key. "Ok, I'm standing in front of the computer, should I open the door now?"…"My keyboard doesn't have letters, just numbers"…[asked to press the Control key, says he is pushing the button but nothing is happening, asked to read back what it says on the key].."it says, [long pauses between letters] D … E … F ... R … O … S … T… … not that one?" Eventually, but after quite a bit of this, the 'support tech' hung up on him, which he counted as a triumph.

Our next response was from a reader named Graham:

Interested to read about the Windows support scam you have reported on. This is an old problem in the U.K., I've been getting these calls on and off for well over a year. I've had so many that I have developed a range of responses. Some are not printable, but others include:

I can also answer the question posed [by a reader named Lyle in the Mailbag section of Issue #1000] about their supposed knowledge of the Microsoft license number. What they do is tell you to type assoc on a command line which displays a list of file associations and then they tell you that the entry against .zfsendtotarget is your license number. It isn't.

This ZFSENDTOTARGET scam has been making the rounds for some time now, see here:
http://www.wservernews.com/go/1412859964783

It seems this whole "This is Microsoft Support calling" scam has been happening for a few years in the UK but is now spreading across North America. Is it happening in mainland European countries? We'd love to hear from our readers there if they've experienced something similar.

Next, our Tip of the Week in Issue #1000 was "How to become a good troubleshooter" and a reader named Leonardo commented about this as follows:

My best advice to anyone troubleshooting anything is "don't be afraid to ask for help". If you are stuck, ask someone. Four eyes are better than two.

Another tip, "Don't ask the same questions twice. Write it down." We used to charge each other $1 at my job if we asked the same question twice. It worked.

Thanks for those two tips.

Lastly, our Tip of the Week in Issue #999, When Microsoft calls YOU, was "Don't throw away those Windows 7 OEM restore disks" and several readers sent us questions concerning this. Stuart from the UK said:

With regard to reimaging those corrupted Windows 7 devices. I think that the following page tells you that you can use VL media:
http://www.wservernews.com/go/1412860007190

What do you think?

Actually the page says you can reimage OEM systems using VL media under "certain conditions" that are spelled out in the Reimaging.pdf document you can download on that page. Specifically, you can do this "only if they are the same product and version, contain the same components, and are in the same language." For example, if your OEM PC came with Windows 7 Professional pre-installed then you can't re-image it with Windows 7 Enterprise VL media. At least that's my understanding of the language here, but IANAL so talk to your OEM vendor or Microsoft TAM to be sure you're legal. Our thanks to Stuart and a couple of other readers for clarifying this matter.

And now on to this week's main topic...

Shellshock for Windows admins

Shellshock is bad. CNET calls it "Bigger than Heartbleed":
http://www.wservernews.com/go/1412860032799

Business Insider reported that Romanian hackers allegedly used the Shellshock bug to hack Yahoo's servers:
http://www.wservernews.com/go/1412860037893

However, ZDNet now reports that Yahoo confirms their servers were infected but not by Shellshock:
http://www.wservernews.com/go/1412860041815

But if Shellshock is a Linux/UNIX vulnerability, should Windows Server admins be concerned about it?

Unfortunately, the answer is yes.

The big picture

The best article I've found so far that describes why Windows Server admins should worry about Shellshock is this one by Troy Hunt, a Software Architect and Microsoft MVP for Developer Security based in Sydney, Australia:
http://www.wservernews.com/go/1412860046909

In the section titled "All our things are on the Microsoft stack, are we at risk?" in his blog post above, Troy points out that "just because you operate in a predominantly Microsoft-centric environment doesn't mean that you don't have Bash running on machines servicing other discrete purposes within that environment." You may have Microsoft IIS web servers as the front end of your multi-tier web application, but before incoming traffic reaches your web servers it typically has to pass through firewalls, proxies, IDSs, and other networking components. If any of these appliances are Linux/UNIX-based they may be susceptible to compromise using Shellshock. And if one component of your infrastructure is compromised, your whole infrastructure may be compromised.

UNIX on Windows

Then there's the matter of Windows systems that have UNIX-like environments installed on them. A popular example of this is Cygwin, a collection of GNU and Open Source tools that provide functionality similar to a Linux distribution on Windows computers:
http://www.wservernews.com/go/1412860052784

A reader named Mark who is a Technical Architect in the UK brought this to our attention by sending us the following question for the Ask Our Readers section of our newsletter:

If you're covering Shellshock in the next edition, Cygwin is vulnerable. It doesn't appear to really have an unattended install (there doesn't really appear to be an upgrade path either). Anyone's experiences of patching it (it may only be the bash component which potentially would be easy, however the servers we have it in are in scope for PCI so we may need to do a full upgrade anyway) would be gratefully received. Most examples on the web appear to be a manual update but we've around 200 servers running it which would be a tad laborious.

Does anyone have a suggestion on how Mark might automate patching Cygwin on his servers? Email us at [email protected]

Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]

NAS vulnerabilities

Shellshock doesn't only impact Windows admins of large enterprises running multi-tier web applications; it can also endanger small businesses running off-the-shelf network appliances like NAS boxes. One of my colleagues drew my attention to the following security alert on the Synology website:
http://www.wservernews.com/go/1412860160894

Windows Command Prompt

ThreatPost just reported today that "The Security Factory, a Belgian security company, reported discovering a command injection vulnerability for Windows command-line shells that takes advantage of environment variables in a similar fashion to Bash exploits":
http://www.wservernews.com/go/1412860166003

Yikes! Where will all this end?

Other vulnerabilities

If you're aware of any other vectors by which Shellshock (or Shellshock-like vulnerabilities) can impact Windows Server-based infrastructures, or any other UNIX-on-Windows products like Cygwin that might be affected, or any other popular network appliances that may be vulnerable, let us know and we'll alert readers in the Mailbag section of upcoming issues of this newsletter. Send us your observations at [email protected]

Tip of the Week - Replacing the Windows Time Service

This week's tip was submitted by Geoff Bannoff who manages IT for Frontier Power, a business in Delta, BC, Canada:
http://www.wservernews.com/go/1412860171800

I've been managing Windows Servers since the NT days. Windows Time Service never quite worked right. I've spent many, many hours over the years trying to get it working reliably. The command line syntax is awkward, and even if it's set up perfectly, it might suddenly decide to stop working. So our DCs get out of sync which causes authentication problems.

I found a great freeware program that handles setting up and monitoring of Windows Time Service. No more w32tm commands:
http://www.wservernews.com/go/1412860175878

After running it for a couple of weeks, I could see how flakey Microsoft's built-in Windows Time Service is. These guys also sell a replacement, Domain Time II Client for $20/server. This does everything that Windows Time Service ought to do. You might not want to talk about a paid-for product, but their freeware piece solves a lot of headaches and deserves a wider audience.

I went ahead and splurged, spending 5 x $20 for Greyware's Domain Time II product--one copy for each domain controller. It's been running perfectly, doing what Microsoft's w32tm.exe was supposed to be doing but, alas, never quite did. Finding a reliable cure for a decades-long problem is quite a relief.

GOT TIPS you'd like to share with other readers? Email us at [email protected]

Recommended for Learning

This week we have some new books for those of you who also have to manage Linux systems in your IT environment:

Linux with Operating System Concepts
http://www.wservernews.com/go/1412860183253

Kali Linux Cookbook
http://www.wservernews.com/go/1412860187019

How Linux Works: What Every Superuser Should Know
http://www.wservernews.com/go/1412860190785

Linux Shell Scripting Cookbook, 2nd Edition
http://www.wservernews.com/go/1412860226613

SELinux Cookbook
http://www.wservernews.com/go/1412860231285

And just in case you still trust using BASH:

Command Line Kung Fu: Bash Scripting Tricks, Linux Shell Programming Tips, and Bash One-liners
http://www.wservernews.com/go/1412860236191

Microsoft Virtual Academy

Some announcements from the Microsoft Virtual Academy:

October 14: Setting Up Your Dev Environment for Office 365  

Developers, get detailed steps on what you need to get started with Office 365 development. Prepare for Exam 70-488, and get the details on SharePoint Server 2013 on-premises, stand-alone, and hybrid. Don’t miss “Setting Up Your Dev Environment for Office 365,” a Jump Start training with live Q&A, on October 14. Register today!
http://www.wservernews.com/go/1412860241801

October 15: Deep Dive into the Office 365 app Model

Want a deep dive into building business solutions that live within the UI of SharePoint, Outlook, Word, PowerPoint, and Excel? Be sure to join this Jump Start training with live Q&A, “Deep Dive into the Office 365 App Model,” on October 15. This course builds on the popular fundamentals course. Register today!
http://www.wservernews.com/go/1412860245894

Quote of the Week

"Action films are an extension of Greek myths which have been around since Homer's 'The Iliad'. Everybody's life has some mythical quality. You struggle against obstacles, you fight to get to a higher level and there are great loves. With an action film it's just more apparent. That's why people will always love action movies." --Dolph Lundgren

Until next week,
Mitch Tulloch

Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at [email protected] and we’ll try to troubleshoot things from our end.

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Concerned about data loss during a data migration? “LinkFixer Advanced” is a software tool that fixes broken links in most file types, preventing data loss. Get your free trial version today!
http://www.wservernews.com/go/1412863789566

Veeam Task Manager for Hyper-V provides live performance monitoring metrics for CPU and memory for both host and guest VMs. Get it for free!
http://www.wservernews.com/go/1412863791394

Is managing users and computers on Active Directory too cumbersome? Download SolarWinds' terrific trio of Active Directory Admin Tools today & start saving time on Active Directory management tasks.
http://www.wservernews.com/go/1412863793535 

Check out this local admin password management solution on CodePlex. It works using a GPO and a custom Client-Side GPO Extension:
http://www.wservernews.com/go/1412863795863

TreeSize Professional is a powerful and flexible hard disk space manager for Windows:
http://www.wservernews.com/go/1412863800488

 

Events Calendar

Americas

Microsoft SQL Server PASS Summit 2014 on November 4-7, 2014 in Seattle, Washington, USA
http://www.wservernews.com/go/1412860254691

Convergence 2014 on March 16-19 in Atlanta, Georgia, USA
http://www.wservernews.com/go/1412860256801

Microsoft will be hosting an inaugural, unified Microsoft commercial technology conference the week of May 4, 2015 in Chicago, Illinois, USA
http://www.wservernews.com/go/1412860258879

Europe

TechEd Europe on October 27-31, 2014 in Barcelona, Spain
http://www.wservernews.com/go/1412860262457

Convergence 2014 Europe on November 4-6, 2014 in Barcelona, Spain
http://www.wservernews.com/go/1412860264629

Add your event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 95,000 subscribers about? Contact [email protected]

 

Webcast Calendar

Register for Webcasts

Add your Webcast

PLANNING A WEBCAST you'd like to tell our subscribers about? Contact [email protected]

 

Tech Briefing

Cloud computing

Azure Virtual Networks and Cloud Services (Part 3): Communications Scenarios (CloudComputingAdmin.com)
http://www.wservernews.com/go/1412860286582

Are IT Standards Still Relevant in a Cloud Dominated World? (The Citrix Blog)
http://www.wservernews.com/go/1412860290973

 

Enterprise IT

Back to Basics: Groups vs. Organizational Units in Active Directory (WindowSecurity.com)
http://www.wservernews.com/go/1412860296067

Active Directory Migration Considerations (Part 1) (WindowsNetworking.com)
http://www.wservernews.com/go/1412860308738

 

Hyper-V

Hyper-V Page File Considerations (VirtualizationAdmin.com)
http://www.wservernews.com/go/1412860618553

Taking a Fresh Look at Hyper-V Clusters (Part 3) (VirtualizationAdmin.com)
http://www.wservernews.com/go/1412860624225

 

Windows PowerShell

Working with the Desired State Configuration Feature (Part 2) (WindowsNetworking.com)
http://www.wservernews.com/go/1412860756663

WinRM 3.0: Manage Windows Server 2008 R2 remotely with Server Manager and PowerShell (4sysops)
http://www.wservernews.com/go/1412860760679


Recommended TechGenix Articles

Preparing Your Network for the Cloud
http://www.wservernews.com/go/1413026267161
 
Using Mail Protection Reports
http://www.wservernews.com/go/1413026269396
 
The BASH Vulnerability and What it Means to System Admins
http://www.wservernews.com/go/1413026272661
 
Shellshock the bashbug vulnerability
http://www.wservernews.com/go/1413026275927
 
Taking a Fresh Look at Hyper-V Clusters (Part 4)
http://www.wservernews.com/go/1413026278802

 

Windows Server News

How to go pro as a desirable cloud admin

The field of cloud computing is rapidly expanding, opening the door for new cloud careers and increasing the demand for cloud experts. Learn and master the skills hiring managers are seeking so you can make yourself the most qualified person for the job.
http://www.wservernews.com/go/1412860766335

Skills to learn today to keep pace with tomorrow’s jobs

Today, most organizations have virtualized over half of their production workloads, making it clear that server virtualization is becoming a mainstream technology. As a result, there’s an increased need for virtualization expertise in enterprise IT. Learn how to stay ahead of industry trends and hone your skills for the next generation of virtualization jobs.
http://www.wservernews.com/go/1412860770335

Fast guide to VDI user profile management tools

While you can use virtualization techniques and tools to improve your application deployment and management, third-party profile management tools have been found to offer more features and reduce storage needs. In this expert buyer’s guide, get an inside look at several popular tools and learn how they can help you reduce storage space for profiles as your user base increases.
http://www.wservernews.com/go/1412860775116

Virtualizing vCenter is a better move than you expect

Right now, there is a great debate brewing about whether you should keep vCenter on a host, or run it virtualized – and experts from around the world are weighing in. Get some of your most pressing questions answered by industry veterans, and discover common misconceptions surrounding the case for virtualization.
http://www.wservernews.com/go/1412860779382

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links you'd like to recommend? Email us at [email protected]

Wild Kangaroo Street Fight In Australia

Two wild kangaroos are trying to settle an argument on a suburban street in New South Wales, Australia:
http://www.wservernews.com/go/1412860785632

Danny Macaskill: Mountain Biking Over The Ridge

Danny impresses us yet again with his amazing bike skills, riding along the notorious Cuillin Ridgeline on the Isle of Skye in Scotland:
http://www.wservernews.com/go/1412860791898

This Girl Can Sing Two Notes At The Same Time

Overtone singing is a voice technique where one person sings two notes at the same time:
http://www.wservernews.com/go/1412860796413

Cat Bank

Gi-Sang Lee from Korea and his live-action cat bank deposit box:
http://www.wservernews.com/go/1412860800585


WServerNews - Product of the Week

Data Migration Should Not Equal Data Loss

Concerned about possibly losing data during a data migration? A common source of data loss is broken file links. “LinkFixer Advanced” is a patented software tool that automatically fixes broken links within Word, Excel, PowerPoint, Access, Visio, Acrobat, AutoCAD, MicroStation, InDesign, HTML, Windows Shortcut and other files.

Get your free trial version today!

 

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.