KB2992611 Breaks More than Web Servers

17 Nov 2014
November 17, 2014

This will be a short’ish post because I’m still trembling from the trauma…

I applied Windows Updates to a client’s production servers yesterday morning. Normally I wait an extra week to give things a chance to “shake out” and get tested in Dev (and other client’s servers) before I apply updates to production, but this time I saw KB2992611 in the announcements and wanted it installed ASAP.

This security update resolves a privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server.

Things were fine yesterday (low load) but once the load started ramping up today the web server was pretty much at 100% CPU – most of it in LSASS.EXE. Everything was very slow and painful. Lots of research, hours of trial and error – including rolling back yesterday’s updates – to no avail. Very frustrating.

As spirits were plummeting, Hans, the client’s resident genius, found this “Microsoft does it again” article. We then realized we should be removing this patch from ALL tiers of the application, not just the front-end. Removed it from the database server and middle app server and then the web server’s load dropped back to normal range. Time for a beer.

Moral of the story? Don’t always focus on the server with high CPU. Look at all the dependencies, especially when you know/suspect you have a bad update in the mix.

Relocate Dropbox to a Removable Drive

05 Oct 2014
October 5, 2014

Most of my recent rigs have had 120 GB SSD drives as primary drives and then something larger and slower/magnetic for data. However, the tablet I recently bought only has the 1 SSD drive.

While that isn’t really a problem, the fact that my Dropbox library keeps getting larger and larger is making it a problem. “No problem,” thought I. “I’ll just toss in a 32 GB microSD drive. That’ll fix it.”

Well, Dropbox doesn’t let you relocate it to removable drives:

No Removable Media dialog

If only there was a way to use removable storage in a way that “looked” permanent… Oh, but there is. The windows utility mklink is the answer here.

I created a “C:\SD” directory on the SSD. My microSD card was at G:\. I then typed the following command:

mklink /d /J C:\SD G:\

Problem solved. Back to Dropbox and tell it I want to relocate my files to C:\SD\Dropbox and it was quite happy.

Java: Suppress Sponsor Offers

25 Aug 2014
August 25, 2014

While it is popular and common to suggest that we should avoid installing Java if we’re security conscious – or at least not enable it in our browsers – sometimes that’s just not an option. For instance, the web application that I spend my days in needs Java to be fully functional.

Java upgrades are a drag. One of the worst aspects has been to remember to uncheck the current sponsor stuff. Nope, I don’t need an Ask Toolbar and I really don’t want MacAfee Security Center installed. Ever!

If you feel the same way, you will love this new option at the bottom of the Advanced tab in the Java Control Panel:

Suppress sponsor offers when installing or updating Java

That’s pretty great.  You can find the Java Control Panel in your Windows Control Panel. If running Windows 8 or 8.1 just hit the windows key and type Java Control and search will turn it up as well.


The Trio of Despair

12 Aug 2014
August 12, 2014

Our cast of characters:

  1. Firefox – my favorite web browser
  2. LastPass – my chosen (and favorite) password management utility
  3. N-Central – the web based RMM (remote monitoring and management app) with which I spend my days getting my job done.

For years these 3 got along great. They were friends. They laughed, they told stories and were generally great pals. Oh, the productive times they had!

Then something changed early this year. What changed? Nobody remembers. It was too long ago and the change was initially too subtle to be immediately obvious. But boy did something change.

Read more →