Blog | iRanges - #1 Team of Certified and Experienced IT Professionals in Canada
Exchange 2013

.NET 4.5.2 Update on Exchange Servers?

January 19th, 2015 Posted by Exchange 2013 No Comment yet

Microsoft Windows Update is now offering the .NET Framework 4.5.2 update as an “Important” update to Windows computers.

  • Microsoft .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2934520)
  • Microsoft .NET Framework 4.5.2 for Windows Server 2008 R2 for x64-based Systems (KB2901983)

First of all, keep in mind that both of these updates require a restart. It’s also important to mention that .NET Framework 4.5.2 is only supported and recommended for Exchange 2013 CU7, but it is being offered as an Important update to all Windows servers.

When this update is installed on your Windows servers it will re-optimize all .NET assemblies on the server when it restarts. Perfmon shows ~99% of CPU resources are in use for about 15-20 minutes while this occurs.

We recommend putting servers into maintenance mode on the load balancer prior to updating them and re-enabling them once optimization completes!

back-to-basics-graphic

N-1: Where IT Departments S….?

January 16th, 2015 Posted by IT Management & Operation No Comment yet
Being named as one of the best IT experts in Canada, iRangers team is often involved in various assessment, discovery and troubleshooting engagements. While analyzing these cases from several past years, we found some interesting commonalities. No matter which technology is being deployed, assessed or troubleshot, whether it is Microsoft, Citrix, VMware or other vendor products, there are several common themes and trends. In this post we would like to share our observations and describe these common issues, and, what is more important, explain how to avoid these problems by taking proactive steps…

(more…)

Locks

Single-Factor (password only) Authentication: It’s NOT Enough Nowadays!

January 14th, 2015 Posted by Security No Comment yet

Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers discovered malware that bypasses authentication on Active Directory (AD) systems that implement single-factor (password only) authentication. Threat actors can use a password of their choosing to authenticate as any user. This malware was given the name “Skeleton Key.” (more…)

security_banner1

No More SSL 3.0 at Azure Storage Starting Feb. 20, 2015

January 10th, 2015 Posted by Microsoft, Security No Comment yet

Microsoft plans to disable Secure Sockets Layer (SSL) 3.0 encryption support in its Azure Storage service next month.

Azure Storage won’t support the SSL 3.0 security protocol starting on Feb. 20, 2015, the company announced this week. If organizations still have browsers using that that protocol after February 20, then users could experience problems connecting to the Azure Storage service, according to the announcement:

Any client/browser that uses HTTPS to connect to Azure Storage and does not utilize TLS 1.0 or higher, which supersedes SSL 3.0, will be prevented from connecting to Azure Storage when SSL 3.0 is disabled. Clients/browsers currently using HTTP to connect to Azure Storage will not be affected.

The SSL 3.0 protocol, which is being replaced by the Transport Layer Security (TLS) protocol, is subject to a man-in-the-middle type of attack called “POODLE,” or “Padding Oracle on Downgraded Legacy Encryption.” It’s an unlikely kind of attack that depends on compelling the use the older SSL 3.0 protocol in order to carry out an attack that could lead to information disclosure. Nonetheless, Microsoft has taken active measures to remove SSL 3.0 support from its various products, including Internet Explorer, Windows Server, Azure services and Office 365 services.

ssl

Vulnerability in SSL 3.0 Could Allow Information Disclosure

January 6th, 2015 Posted by Microsoft No Comment yet

In the end of 2014 it became known that the SSL protocol (specifically SSL v3) was broken and decryption of the encrypted data was possible. This is an industry-wide vulnerability affecting the SSL 3.0 protocol itself and is not specific to the Windows operating system.

All supported versions of Microsoft Windows implement this protocol and are affected by this vulnerability!

Microsoft is announcing that SSL 3.0 will be disabled in the default configuration of Internet Explorer and across Microsoft online services over the coming months. Microsoft recommends customers migrate clients and services to more secure security protocols, such as TLS 1.0, TLS 1.1 or TLS 1.2. (more…)

Page 1 of 812345...Last »