As part of their monthly update releases, Microsoft and cPanel have released Windows and cPanel critical patches for the month of April 2018.

This mail is with regards to the newly released security patches by Microsoft and cPanel for the flaws relating to all Windows 2008/2008R2/2012/2012R2 server versions.

Although, we have tested all the patches at our end but we humbly request you also, to review at your end.

We understand that security updates are often viewed as inconvenience but, in real they are the best defense against the common viruses, malware or any other security threats prevalent in the online environment.

So to minimize the risk of exposure or low performance, please perform these updates.

Please test each patch’s compatibility with your business-critical applications and software and provide us with a suitable window to apply the patches.

– Expected Downtime: 30-45 mins

– Effect of Maintenance: We shall be restarting the servers after the patch update, so there can be 30-45 mins (approx) downtime on the servers, during the maintenance window provided by you.

To know more, use ZNetLive’s 24×7 Member Panel for immediate resolution.

Important Notice: Prevention is always better than cure, so we strongly advise you to take backups to prevent data loss situations and recover your data in the event of data loss or corruption.

Our all AWS and Azure cloud customers can protect their data with the help of Snapshot backups either on their own or by purchasing them with us.

ZNetLive is not liable for any damage caused due to any data loss.

For more details, please contact our sales team.

Note:

Click here to download  the details of Windows Patches released in April 2018.
Click here to download  the details of cPanel Patches released in April 2018.

As part of their monthly security update releases, Microsoft has released Windows critical patches for the month of December 2017.

This mail is with regards to the newly released security patches by Microsoft for the flaws relating to all Windows 2008/2008R2/2012/2012R2 server versions.

Although, we have tested all the patches at our end but we humbly request you also, to review at your end.

We understand that security updates are often viewed as inconvenience but, in real they are the best defense against the common viruses, malware or any other security threats prevalent in the online environment.

So to minimize the risk of exposure or low performance, please perform these updates.

Please test each patch’s compatibility with your business-critical applications and software and provide us with a suitable window to apply the patches.

– Expected Downtime: 30-45 mins

– Effect of Maintenance: We shall be restarting the servers after the patch update, so there can be 30-45 mins (approx) downtime on the servers, during the maintenance window provided by you.

To know more, use ZNetLive’s 24×7 Member Panel for immediate resolution.

Important Notice: Our all AWS and Azure cloud customers can protect their data with the help of Snapshot backups either on their own or by purchasing them with us.

This will help you recover your data in the event of data loss or corruption.

For more details, please contact our sales team.

Note: Click here to download  the details of Windows Patches released in December 2017.

As part of their monthly update releases, Microsoft and cPanel have released Windows and cPanel critical patches for the month of September 2017.

This mail is with regards to the newly released security patches by Microsoft and cPanel for the flaws relating to all Windows 2008/2008R2/2012/2012R2 server versions.

Although, we have tested all the patches at our end but we humbly request you also, to review at your end.

We understand that security updates are often viewed as inconvenience but, in real they are the best defense against the common viruses, malware or any other security threats prevalent in the online environment.

So to minimize the risk of exposure or low performance, please perform these updates.

Please test each patch’s compatibility with your business-critical applications and software and provide us with a suitable window to apply the patches.

– Expected Downtime: 30-45 mins

– Effect of Maintenance: We shall be restarting the servers after the patch update, so there can be 30-45 mins (approx) downtime on the servers, during the maintenance window provided by you.

To know more, use ZNetLive’s 24×7 Member Panel for immediate resolution.

Important Notice: Our all AWS and Azure cloud customers can protect their data with the help of Snapshot backups either on their own or by purchasing them with us.

This will help you recover your data in the event of data loss or corruption.

For more details, please contact our sales team.

Note:

Click here to download  the details of Windows Patches released in September 2017.
Click here to download  the details of cPanel Patches released in September 2017.

This is to inform you that we are conducting an urgent maintenance activity, as our base server MB-3 is getting RAID failure issue, due to which servers WEBIDC3,WEBIDC7, BwinDB will get effected.

Please note that all the services related to the above mentioned servers will remain unavailable during this maintenance .

 Activity Time : 1 P.M. onwards on Thursday, 28^th September,2017

Communication Plan: Our helpdesk would be fully staffed & functional during the activity period. Please feel free to get in touch with our support team at support@znetlive.com, in case of any queries/doubts.

We regret any inconvenience caused due to this maintenance.

Keep visiting http://znetlivestatus.com for further updates!

———————————

Update 1 8:00 PM – Disk again not responding and some corruption in disk.  We are moving services on other server and it may take 6-8 hours.

Update 2 4:00 AM, 29th September 2017 – WebIDC3 and BwinDB server issue fixed and moved on new hardware.

Update 3 8:00 AM, 29th September 2017 – Webidc7 server movement is in progress and will take another 2-3 hours due to slow data copy from corrupted disk.

Update 4 :  Movement completed and all servers and services working fine now.

This is to inform you that we are conducting a network maintenance activity at our Noida Facility.

Scheduled Maintenance Date: Thursday, 28th September, 2017

Scheduled Maintenance Time: 12:00 AM to 2:00 AM

Expectation from your end :  If you have setup any network drive connection between server (VPS/Dedicated Servers) or NAS backup drive(VPS/Dedicated Server) then, please verify its connectivity after completing the activity.

There is no complete downtime but you may face network fluctuation during the activity. Please do not update on the server, during the scheduled activity.

Communication Plan: Our helpdesk would be fully staffed & functional during the activity period. Please feel free to get in touch with our support team at support@znetlive.com, in case of any queries/doubts.

Please be patient & support us in our endeavor of serving you with better network facility.

Thank you for your co-operation and support.

As part of their monthly update releases, Microsoft and cPanel have released Windows and cPanel critical patches for the month of August 2017.

This mail is with regards to the newly released security patches by Microsoft and cPanel for the flaws relating to all Windows 2008/2008R2/2012/2012R2 server versions.

Although, we have tested all the patches at our end but we humbly request you also, to review at your end.

We understand that security updates are often viewed as inconvenience but, in real they are the best defense against the common viruses, malware or any other security threats prevalent in the online environment.

So to minimize the risk of exposure or low performance, please perform these updates.

Please test each patch’s compatibility with your business-critical applications and software and provide us with a suitable window to apply the patches.

Expected Downtime: 30-45 mins

Effect of Maintenance: We shall be restarting the servers after the patch update, so there can be 30-45 mins (approx) downtime on the servers, during the maintenance window provided by you.

To know more, use ZNetLive’s 24×7 Member Panel for immediate resolution.

Important Notice: Our all AWS and Azure cloud customers can protect their data with the help of Snapshot backups either on their own or by purchasing them with us.

This will help you recover your data in the event of data loss or corruption.

For more details, please contact our sales team.

Note:

Click here to download the details of Windows Patches released in August 2017.
Click here to download the details of cPanel Patches released in August 2017.

As part of their monthly update releases, Microsoft and cPanel have released Windows and cPanel critical patches for the month of July 2017.

This mail is with regards to the newly released security patches by Microsoft and cPanel for the flaws relating to all Windows 2008/2008R2/2012/2012R2 server versions.

Although, we have tested all the patches at our end but we humbly request you also, to review at your end.

We understand that security updates are often viewed as inconvenience but, in real they are the best defense against the common viruses, malware or any other security threats prevalent in the online environment.

So to minimize the risk of exposure or low performance, please perform these updates.

Please test each patch’s compatibility with your business-critical applications and software and provide us with a suitable window to apply the patches.

– Expected Downtime: 30-45 mins

– Effect of Maintenance: We shall be restarting the servers after the patch update, so there can be 30-45 mins (approx) downtime on the servers, during the maintenance window provided by you.

To know more, use ZNetLive’s 24×7 Member Panel for immediate resolution.

Important Notice: Our all AWS and Azure cloud customers can protect their data with the help of Snapshot backups either on their own or by purchasing them with us.

This will help you recover your data in the event of data loss or corruption.

For more details, please contact our sales team.

Note:

Click here to download  the details of Windows Patches released in July 2017.
Click here to download  the details of cPanel Patches released in July 2017.

As part of their monthly update releases, Microsoft, cPanel and Plesk have released Windows and Linux critical patches for the month of June 2017.

This mail is with regards to the newly released security patches by Microsoft, Plesk and cPanel for the flaws relating to all Windows 2008/2008R2/2012/2012R2 server and Linux server versions.

Although, we have tested all the patches at our end but we humbly request you also, to review at your end.

We understand that security updates are often viewed as inconvenience, but in reality, they are the best defense against common viruses, malware or any other security threats prevalent in the online environment.
So to minimize the risk of exposure or low performance, please perform these updates.

Please test each patch’s compatibility with your business-critical applications and software and provide us with a suitable window to apply the patches.

– Expected Downtime: 30-45 mins

– Effect of Maintenance: We shall be restarting the servers after the patch update, so there can be 30-45 mins (approx) downtime on the servers, during the maintenance window provided by you.

To know more, use ZNetLive’s 24×7 Member Panel for immediate resolution.

Important Notice: Our all AWS and Azure cloud customers can protect their data with the help of Snapshot backups either on their own or by purchasing them with us.

This will help you recover your data in the event of data loss or corruption.

For more details, please contact our sales team.

Note:

Click here to download  the details of Windows Patches released in June, 2017.
Click here to download  the details of Linux Patches released in June, 2017.
Click here to download  the details of cPanel/Plesk Patches released in June, 2017.

As part of their monthly update releases, Microsoft, cPanel  and Plesk have released Windows and Linux critical patches for the month of May 2017.

This mail is with regards to the newly released security patches by Microsoft, Plesk and cPanel for the flaws relating to all Windows 2008/2008R2/2012/2012R2 server and Linux server versions .

Although, we have tested all the patches at our end but we humbly request you also, to review at your end.

We understand that security updates are often viewed as inconvenience but in real they are the best defense against the common viruses, malware or any other security threats prevalent in the online environment.

So to minimize the risk of exposure or low performance, please perform these updates.

Please test each patch’s compatibility with your business-critical applications and software and provide us with a suitable window to apply the patches.

Expected Downtime: 30-45 mins

Effect of Maintenance: We shall be restarting the servers after the patch update, so there can be 30-45 mins (approx) downtime on the servers, during the maintenance window provided by you.

To know more, use ZNetLive’s 24×7 Member Panel for immediate resolution.

Important Notice: Our all AWS and Azure cloud customers can protect their data with the help of Snapshot backups either on their own or by purchasing them with us.

This will help you recover your data in the event of data loss or corruption.

For more details please contact to our sales team.

Note:

Click here to download the details of Windows Patches released in May, 2017.
Click here to download the details of Linux  Patches  released in  May, 2017.
Click here to download the details of cPanel/Plesk Patches  released in  May, 2017.

Aligning to industry best practices and standards of providing the best services to you, we publish security advisories that are designed to provide timely information to all our esteemed customers.

Advisories are a way for ZNetLive to communicate security information to customers about the issues that may not be classified as vulnerabilities and may not require a security bulletin.

Below are the threat information shared regarding recent critical vulnerabilities/threat reported.

WannaCry Ransomware That’s Hitting World Right Now Uses NSA Windows Exploit

A massive ransomware campaign hit computer systems of hundreds of private companies and public organizations across the globe – which is believed to be the most massive ransomware delivery campaign to date. The Ransomware has been identified as a variant of ransomware known as WannaCry also known as ‘Wana Decrypt0r,’ ‘WannaCryptor’ or ‘WCRY’.

Ransomware Using NSA’s Exploit to Spread Rapidly

Most interesting about this ransomware is that WannaCry attackers are leveraging a Windows exploit harvested from the NSA called EternalBlue, which was dumped by the Shadow Brokers hacking group over a month ago. Microsoft released a patch for the vulnerability in March (MS17-010), but many users and organizations who did not patch their systems are open to attacks. The exploit has the capability to penetrate into machines running unpatched version of Windows XP through 2008 R2 by exploiting flaws in Microsoft Windows SMB Server. Once a single computer in organization is hit by the WannaCry ransomware, the worm looks for other vulnerable computers and infects them as well.

Who are affected?

Like other nasty ransomware variants, WannaCry also blocks access to a computer or its files and demands money to unlock it. Once infected with the WannaCry ransomware, victims are asked to pay up to $300 in order to remove the infection from their PCs; otherwise, their PCs render unusable, and their files remain locked.
The ransomware targeted over 45,000 computers in 74 countries, including United States, Russia, Germany, Turkey, Italy, Philippines and Vietnam, and that the number was still growing

How to Protect Yourself from WannaCry:

1) First of all, patch your Windows machines and servers against EternalBlue exploit (MS17-010)
2) You should always be suspicious of uninvited documents sent an email and should never click on links inside those documents unless verifying the source.
3) Keep a good backup routine in place that makes their copies to an external storage device that is not always connected to your PC.
4) Make sure that you run an active anti-virus security suite of tools on your system, and most importantly, always browse the Internet safely.

Reference: https://www.tripwire.com/state-of-security/latest-security-news/wannacryptor-ransomware-strikes-nhs-hospitals-telefonica-and-others/

Threat Summary: Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable

Microsoft patched a severe code-execution vulnerability in the malware protection engine that is used in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016), just three days after it came to its attention. Notably, Windows Defender is installed by default on all consumer-oriented Windows PCs. The exploit allows a remote attacker to take over a system without any interaction from the system owner: it’s simply enough for the attacker to send an e-mail or instant message that is scanned by Windows Defender. Likewise, anything else that is automatically scanned by Microsoft’s malware protection engine – websites, file shares—could be used as an attack vector.

Google Project Zero researchers who discovered the flaw, warned that exploits were “wormable,” meaning they could lead to a self-replicating chain of attacks that moved from vulnerable machine to vulnerable machine.

The Google researchers found that MsMpEngine contains a component called NScript that analyses any file system or network activity that looks like JavaScript. NScript isn’t sandboxed and runs at a very high privilege level, and it’s used to evaluate untrusted code by default on almost every modern Windows system. NScript can be exploited with a few lines of JavaScript, which can be injected via a specially crafted Web page, e-mail, or just about any other attack vector.

Who are affected?

Microsoft says the risk of remote code execution is lower on Windows 10 and Windows 8.1 because of CFG, a security feature that protects against memory corruption. CFG is an optional compilation flag in Visual Studio 2015.

Reference: https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/

Threat Summary: Microsoft Issues Patches for Another Four Zero-Day Vulnerabilities

As part of this month’s Patch, Microsoft has released security patches for a total of 55 vulnerabilities across its products, including fixes for four zero-day vulnerabilities being exploited in the wild.. Just, Microsoft released an emergency out-of-band update separately to patch a remote execution bug in Microsoft’s Antivirus Engine that comes enabled by default on Windows 7, 8.1, RT, 10 and Server 2016 operating systems.

Affected Software:

Out of 55 vulnerabilities, 17 have been rated as critical and affect the company’s main operating systems, along with other products like Office, Edge, Internet Explorer, and the malware protection engine used in most of the Microsoft’s anti-malware products.

First Zero-Day Vulnerability (CVE-2017-0261)

This vulnerability could be exploited by tricking victims into opening a file containing a malformed graphics image in an email. The=is vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically.

Who are affected?

Affects the 32- and 64-bit versions of Microsoft Office 2010, 2013 and 2016, and resides in how Office handles Encapsulated PostScript (EPS) image files, leading to remote code execution (RCE) on the system.

Second Zero-Day Vulnerability (CVE-2017-0262)

FireEye and ESET researchers believe that the APT28 hacking group, also known as Fancy Bear, or Pawn Storm, was actively using this EPS-related Microsoft Office zero-day vulnerability which leads to remote code execution on opening a malformed file.

Third Zero-Day Vulnerability (CVE-2017-0263)

The third zero-day bug is an elevation of privilege (EoP) vulnerability in all supported versions of Microsoft’s Windows operating system.

Fourth Zero-Day Vulnerability (CVE-2017-0222)

Another zero-day vulnerability affects Internet Explorer 10 and 11 and resides in how Internet Explorer handles objects in memory.

Reference: http://thehackernews.com/2017/05/patch-windows-zero-days.html

Microsoft Malware Protection Engine Remote Code Execution Vulnerability- CVE-2017-0290

Overview

The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the Local System account and take control of the system.

Who are affected?

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected.

• Microsoft Forefront Endpoint Protection 2010
• Microsoft Endpoint Protection
• Microsoft Forefront Security for SharePoint Service Pack 3
• Microsoft System Center Endpoint Protection
• Microsoft Security Essentials
• Windows Defender for Windows 7
• Windows Defender for Windows 8.1
• Windows Defender for Windows RT 8.1
• Windows Defender for Windows 10, Windows 10 1511,
• Windows 10 1607, Windows Server 2016, Windows 10 1703
• Windows Intune Endpoint Protection

Microsoft Malware Protection Engine Remote Code Execution Vulnerability – CVE-2017-0290

An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine.

There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine. For example, an attacker could use an email message or in an Instant Messenger message, websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server.

Who are affected?

All systems running an affected version of antimalware software are primarily at risk.

Reference: https://technet.microsoft.com/en-us/library/security/4022344.aspx

To know more, use ZNetLive’s 24×7 Member Panel for immediate resolution.

This is to inform you that as part of its monthly update releases, Microsoft has released Windows critical patches for the month of April 2017.

This mail is with regards to the newly released critical patches by Microsoft for the flaws relating to all Windows 2008/2008R2/2012/2012R2 server versions. Although, we have tested all the patches at our end but we humbly request you also, to review at your end.

We understand that security updates are often viewed as inconvenience but in real they are the best defense against the common viruses, malware or any other security threats prevalent in the online environment.

So to minimize the risk of exposure or low performance, please perform these updates.

Please test each patch’s compatibility with your business-critical applications and software and provide us with a suitable window to apply the patches.

– Expected Downtime: 30-45 mins

– Effect of Maintenance: We shall be restarting the servers after the patch update, so there can be 30-45 mins (approx) downtime on the servers, during the maintenance window provided by you.

To know more, use ZNetLive’s 24×7 Member Panel for immediate resolution.

Note: Click here to download the details of Patches released in April, 2017.

This is to inform you that as per our security policies, we need to update our systems with best security mechanisms and keep our systems updated  up-to-the minute. To this effect, we are employing updated security mechanisms on all our servers and panels. Your member panel- ON, server access, hosting panel access, domain panel access, ftp user, database users, mail users etc. also need to be updated as a part of this security enhancement drive and thus, we request you to please change your member panel and server RDP/SSH login details on priority.

This is for increased security of your account and for the betterment of your website and so, we expect your quick support on this.

Feel free to call our help desk in case you need any further information regarding this, and we would happily assist you with it.