The month of April was busy month with SQL Server 2017 being announced, Windows 10 telemetry data collection revealed and the Shadow Brokers releasing a new batch of Windows exploits.
Microsoft have officially launched SQL Server 2017 from 19 April 2017. This version promises to be the fastest, most secure data platform with built-in AI. SQL Server 2017 is now available on Linux, Linux-based Docker containers, and Windows with some exciting features: R and Python, adaptive query plans and resumable online index rebuild to name a few. For more information on the release click here for more about Python read this blog by Gavin Payne
Below are the Windows exploits released by the Shadows Brokers, several exploits were against the Remote Desktop Protocol, Kerberos and Outlook Web App. Below are the exploits that have been identified that effect our supported Windows environments.
- ETERNALROMANCE: is a remote SMB1 exploit, which targets Windows Server 2008, 2008 R2.
- Eternalsynergy: this is a remote code execution against SMB
- Eternalblue: SMBv1 remote unauthenticated exploit, which targets Windows Server 2008 R2
The above exploits have been addressed my Microsoft and updates for the exploits have been consolidated in MS17–010 (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx ).
Windows Critical Updates:
- April 11, 2017: KB4015549 (Monthly Rollup): Windows Server 2008 R2 for x64-based Systems Service Pack 1
- April, 2017: KB4015550 (Security Monthly Quality Rollup): Windows Server 2012 R2 (Server Core installation)
- April 11, 2017: KB3211308 Security update for the Hyper-V vulnerability in Windows Server 2008: Windows Server 2008 for x64-based Systems Service Pack 2
- April 11, 2017: KB4015551 (Monthly Rollup): Windows Server 2012
SQL Server Updates:
- 19 April: SQL Server 2017 Community Technical Preview 2.0 (CTP2.0)
- 18 April SQL Server 2014 Service Pack 2 Cumulative update package 5 (CU5)
- 18 April SQL Server 2014 Service Pack 1 Cumulative update package 12 (CU12)
Recent News Articles:
- Just a Pair of These $11 Radio Gadgets Can Steal a Car https://www.com/2017/04/just-pair-11-radio-gadgets-can-steal-car/
- WikiLeaks Unveil CIA’s Man in the Middle Attack Tool http://thehackecom/2017/05/cia-mitm-hacking-tool.html
- Warning over fake bank websites targeting British savers http://www.telegraco.uk/technology/2017/05/02/warning-fake-bank-websites-targeting-british-savers/