Emergency Security Patching for Fully-Managed Windows 2012+ servers - August 20, 2020

Tweet

Purpose of Work:
A privilege elevation vulnerability (CVE-2020-1530 and CVE-2020-1537) affects all supported versions of windows server so far.  This vulnerability exists when Windows Remote Access improperly handles memory or file operations. The exploit requires an attacker to have execution capabilities on the victim system. Systems hosting websites or with web-accessible services are particularly vulnerable.

Due to the ability of this vulnerability to allow privilege escalation and the wide attack surface, we will be patching and rebooting all affected, fully-managed hosts overnight.  

Standalone hypervisors would be a general exception to this, and customer-owned Windows HVs that host unmanaged VMs, but also run Windows 2012+ should have their maintenance scheduled with us, separately.

Customers with their own update infrastructure will also be scheduled separately.

Impact of Work:
All affected hosts will be rebooted automatically / ASAP to propagate fixes, starting at 10:10PM MDT on Thursday the 20th.

Internal systems on Windows 2012 and up (such as the management portal) may be temporarily impacted in the time it takes to reboot them.

Hypervisors in a failover cluster will have rolling reboots done, in order to eliminate VPS downtime on said clusters.

Any hosts not on our fully-managed domain (usually because they have their own domain) will not be impacted; the controlling organizations will be notified separately.