Name Calling Could Put Your Windows Server Under A Hacker’s Christmas Tree

By Paul Hirsch, Senior Network Engineer

To: Mr. Robot
From: Your Company

Nestled in a list of the usual Internet Explorer and Microsoft Office vulnerabilities issued last week, Microsoft announced a nasty vulnerability in Windows DNS servers. The “Domain Name System” is what translates friendly names like “google.com” into the IP addresses computers use to talk to each other. This bug may allow an attacker to ask for a specially (spitefully) crafted name and gain access to Windows servers running the DNS service. This includes the most important Windows server in just about any network: the Domain Controller.

The patch for “MS15-127” should be applied as soon as possible to all Windows DNS and Domain Controller servers. If hackers are able to develop a strong exploit for this vulnerability, it is likely to become very widespread. See https://technet.microsoft.com/en-us/library/security/ms15-127.aspx for more technical information.


Citon Managed Service and AEGIS+Patching customers are being patched automatically.

An Ode To Windows Server 2003

By Paul Hirsch, Senior Network Engineer

Oh Windows Server 2003, I remember when you were young and vibrant. So stable, so quick(-ish), and so much more refined than Windows 2000. You bridged the gap between the era of the workgroup and the era of the Internet. When you were born there was no Facebook, no YouTube, and no Grumpy Cat. Yet you saw us through the coming of all these and more, running happily on 1GB of RAM and with only 20GB of disk space. As time passed, many an administrator clung to you tightly instead of moving on to Windows 2008, 2008R2, 2012…. And why not? You had just the right balance of features and simplicity.

Alas dear Windows Server 2003, now we must part ways.  As of now the great mother-ship Microsoft has cast you off, never to receive another Patch Tuesday communique.  All things must pass, and we must pass security audits, so fare thee well 2003!  As I shut down my last Windows 2003 server, with the sweet sound of “It’s So Hard To Say Goodbye To Yesterday” playing (no, not on Napster), I will enter the following epitaph:

enough-already

(If this is news to you, get informed! See Microsoft Server 2003 End Of Support Risks and Reasons to Upgrade.)

No Comment — Patch Your WordPress Websites

By Paul Hirsch, Senior Network Engineer

Security researcher Jouko Pynnönen of Klikki Oy has discovered a vulnerability in the comment feature of WordPress. This elevates the power of a bad comment from being simply annoying to taking over webservers.

When mixed with “comment spam,” this may lead to a lot of compromised websites.

WordPress has released a fix. If you would like to avoid having your website defaced or used to spread malware, update your WordPress sites to 4.2.1 as soon as possible. See http://klikki.fi/adv/wordpress2.html for more information.

Hole On The Range — Time To Patch Windows Webservers

A new vulnerability announced by Microsoft on Tuesday may allow attackers anywhere on the Internet to crash or take over Windows web servers with specially crafted HTTP (web) requests. The vulnerability is in the “Range” handling feature of Microsoft’s HTTP handling library.

This is one of the rare vulnerabilities that can be attacked directly and without having to trick humans into helping. Exploits are showing up on the Internet so you best patch those Windows web servers as soon as possible!

See https://technet.microsoft.com/library/security/MS15-034 for details and a workaround.

Thumbs Down – BadUSB Weaponizes USB Devices

By Paul Hirsch, Citon Senior Network Engineer

At the recent Black Hat security conference in July, a pair of security researchers from Germany unveiled a new type of attack they dubbed “BadUSB.” USB thumb drives have long been used to carry viruses and malware, but this new type of attack takes things to a whole new level.

By reprogramming the firmware (the software programmed into the USB device itself), an attacker can perform all sorts of nasty things without being detected by antivirus or the usual security measures.

For example, a USB printer could be programmed to also pretend it is a USB keyboard. When the victim plugs in the printer, it would issue a set of keystrokes to download and install malware, taking over the victim’s machine. From the perspective of the machine, it would look like the user had plugged in a second keyboard and typed the commands themselves. Fake hard drives, fake network cards and all sorts of other fake devices could be flashed into just about any USB device.
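One way to check for the printer-that-is-also-a-keyboard case described above, added here as an illustration and not taken from the original article: audit the interface classes each connected device reports. The device records, IDs and approved-input list are constructed; in practice they would come from the operating system's USB enumeration data.

```python
from dataclasses import dataclass

HID, PRINTER, MASS_STORAGE = 0x03, 0x07, 0x08   # USB-IF base class codes
BOOT_KEYBOARD = (HID, 0x01, 0x01)               # boot subclass, keyboard protocol


@dataclass(frozen=True)
class UsbDevice:
    vid_pid: str
    product: str
    interfaces: tuple  # (bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol)


def audit(devices, approved_input):
    """Return (vid_pid, reason) for each device whose interfaces look wrong."""
    findings = []
    for dev in devices:
        classes = {iface[0] for iface in dev.interfaces}
        if HID not in classes:
            continue
        # A HID interface need not declare the boot keyboard protocol to send
        # keystrokes, so any HID interface on a printer or storage device counts.
        if classes & {PRINTER, MASS_STORAGE}:
            findings.append((dev.vid_pid, "HID interface on printer/storage device"))
        elif dev.vid_pid not in approved_input:
            kind = "keyboard" if BOOT_KEYBOARD in dev.interfaces else "HID device"
            findings.append((dev.vid_pid, f"unapproved {kind}"))
    return findings


# Constructed inventory; IDs and product names are placeholders.
SAMPLE = [
    UsbDevice("1111:0001", "Desk keyboard", ((0x03, 0x01, 0x01),)),
    UsbDevice("2222:0002", "Office printer", ((0x07, 0x01, 0x02),)),
    UsbDevice("3333:0003", "Label printer", ((0x07, 0x01, 0x02), (0x03, 0x01, 0x01))),
    UsbDevice("4444:0004", "Thumb drive", ((0x08, 0x06, 0x50),)),
    UsbDevice("5555:0005", "Unknown keyboard", ((0x03, 0x01, 0x01),)),
]
APPROVED_INPUT = {"1111:0001"}  # assumption: input devices the site has issued

if __name__ == "__main__":
    for vid_pid, reason in audit(SAMPLE, APPROVED_INPUT):
        print(vid_pid, reason)
```

The check only sees what a device reports about itself, so it catches unexpected interface combinations but not reprogrammed firmware that copies an approved keyboard's identity.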

The big deal with BadUSB is persistence. An infected USB keyboard, mouse, thumb drive, camera, cellphone, etc. can reinfect over and over. Reloading the computer won’t fix it. Buying a new computer won’t fix it. It’s enough to make a person paranoid.

Last week, code was released on the Internet for BadUSB, making it a very real threat to anything with a USB port. (In other words, just about every computing device in use on the planet.) The security community has started to respond with an array of defenses, but because this involves vulnerabilities in physical hardware, this problem will be with us for a long time.

There are two things you can do now to reduce the risk:

  • Don’t connect USB devices to your computer(s) unless they come from a trusted source.
  • Don’t log in as a user with local administrative rights to your computer(s).

Neither of the above prevent BadUSB attacks completely. They only reduce the chances of connecting a device with BadUSB firmware and reduce the damage a BadUSB device can do once connected.

Worried about BadUSB or security in general? Contact Citon for help.
