Purpose of Work:
Earlier today, Microsoft released an out-of-band (or earlier than usual) update to patch a vulnerability with the internet explorer scripting engine. Said vulnerability already has working exploits that have been encountered 'in the wild', and thus must be responded to immediately.
This vulnerability allows for remote code execution running in the context of the user that accessed an infected webpage via IE; if an admin or privileged website user gets compromised in this way, the entire server could be effectively compromised.
As such, RDS servers and any server where admins routinely use IE to perform research while looking into server issues / download programs are the most at-risk. Certain programs that use the IE backend (one example being quickbooks) may also be at-risk in some situations.
You can read more about the exploit (and patches mitigating it), here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367Exceptions:
2003 servers will not be affected, as there was not a patch for them ( through windows updates or otherwise ). This is typical on EOL systems like 2003 hosts, but not always the case, so it bears repeating.
We will install patch in our fully-managed windows servers. Self-managed hosts must be updated by the responsible parties, and I would recommend this happen soon.Impact of Work:
All affected hosts will be rebooted automatically / ASAP to propagate fixes, starting at 11PM MDT on Monday the 23rd.
Please fill free to contact us at firstname.lastname@example.org for any queries.