October Windows Server updates cause Hyper-V VM boot issues

By Sergiu Gatlan October 17, 2023 08:31 AM

Read this article for some update patches

According to customer reports, this month’s Patch Tuesday updates are breaking virtual machines on Hyper-V hosts, causing them to no longer boot and display “failed to start” errors.

According to complaints from Windows admins, the issue is triggered after installing KB5031361 and KB5031364 on Windows Server 2019 and Windows Server 2022 systems.

A Microsoft spokesperson told BleepingComputer that the company is aware of the issue and is investigating.

The following errors will be logged to the event viewer when trying to start a VM on an affected Hyper-V system:

Failed to start virtual machine TOOLS. Error: ‘TOOLS’ failed to start.
Failed to Power on with Error ‘Incorrect function.’
Failed to open attachment ‘vhdx_path’. Error: ‘Incorrect function.’

Administrators with impacted devices have noted that uninstalling the problematic updates resolves the issue, allowing all virtual machines (VMs) to start up without any problems.

This can be accomplished using the Windows Update Standalone Installer (WUSA) tool, which helps install and remove update packages through the Windows Update Agent API.

To fix the Hyper-V boot issues, open an elevated command prompt by clicking the Start menu, typing cmd, right-clicking the Command Prompt application, and choosing ‘Run as Administrator.’
Microsoft has yet to add this as a known issue to the Windows Health Dashboard, but, nonetheless, when it released the buggy cumulative updates, the company revised the support document for KB5031364, including and removing a known issue related to VMware ESXi.

“After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up,” the now-removed known issue said.

“Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below.”

Redmond also released emergency out-of-band Windows Server updates in January and December 2022 to fix known issues that caused Hyper-V VMs to no longer start and problems creating new VMs on some Hyper-V hosts.

Microsoft acknowledged a similar issue earlier this year affecting VMware ESXi VMs with Secure Boot after installing February 2023 cumulative updates. VMware issued emergency vSphere ESXi updates that fixed a bug causing boot issues after failing to locate a bootable operating system.

Article (https://www.bleepingcomputer.com/news/microsoft/october-windows-server-updates-cause-hyper-v-vm-boot-issues/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Cloud Services Status (https://mspportalpartners.net/cloud-service-status/)

Microsoft O365 Exchange Online mail delivery issues caused by anti-spam rules

By Sergiu Gatlan October 11, 2023 12:10 PM 0

Microsoft is investigating Exchange Online mail delivery issues causing “Server busy” errors and delays when receiving emails from outside organizations.
According to user reports online, the Exchange Online problems started this morning, affecting Microsoft 365 customers worldwide, across the Americas, Europe, and Asia.
Microsoft confirmed the ongoing issues this morning, at 6 AM GMT+2, saying that “some users may encounter delays receiving external email messages in Exchange Online. Affected users may see a ‘451 4.7.500 Server busy’ error message.”
“We’re analyzing sample throttling IPs from simple messages to confirm whether the issue with the portion of SOL infrastructure is causing impact, before we begin formulating a remediation plan,” the company added.
“Impact is specific to some users who are served through the affected infrastructure.”
More information on these ongoing Exchange Online issues is available under EX680695 in the Microsoft 365 admin center.
Linked to IP-address anti-spam rules

In a subsequent update, Redmond said the cause of the issues could be linked to the erroneous enforcement of IP address anti-spam rules for affected customers.
“We’ve identified that a recent service update, applied to a section of infrastructure responsible for enforcing IP address anti-spam rules, contains a change which is inadvertently causing impact,” Microsoft said.
This confirms user reports saying that, in some cases, they’re seeing thousands of emails added to the outbound queue because of Exchange Online’s spam filter.
Microsoft has yet to confirm the regions affected by this Exchange Online outage and if it also impacts Exchange Online outgoing mail delivery.

Today’s incident follows Article emultiple Exchange Online outages since the start of the year,(https://www.bleepingcomputer.com/news/microsoft/new-microsoft-365-outage-causes-exchange-online-connectivity-issues/) blocking customers worldwide from accessing their mailboxes and sending or receiving emails.

Article (https://www.bleepingcomputer.com/news/microsoft/new-microsoft-365-outage-causes-exchange-online-connectivity-issues/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

We do have a solution..

Microsoft 365 admins warned of new Google anti-spam rules

By Sergiu Gatlan October 8, 2023 11:09 AM

After you read this article you will understand why I do not carry O365 nor Google products in my security lines.
To all MSP’s/ Vars get ready you work load is about to get very heavy supporting you clients

Microsoft 365 email senders were warned by Microsoft this week to authenticate outbound messages, a move prompted by Google’s recent announcement of stricter anti-spam rules for bulk senders.

“By setting up email authentication for your domain, you can ensure that your messages are less likely to be rejected or marked as spam by email providers like Gmail, Yahoo, AOL, Outlook.com,” the Microsoft Defender for Office 365 team said.

“This is especially important when sending bulk email (large volume email), as it helps maintain the deliverability and reputation of your email campaigns.”

Failure to follow newly announced email authentication standards might lead to emails being rejected or tagged as spam.

Microsoft also warned that the Microsoft 365 service should not be used for bulk emailing, as emails not following sending limits will be blocked or sent to special high-risk delivery pools by outbound spam controls built within Exchange Online Protection (EOP).

Those who want to send bulk emails should use their own on-premises email servers or third-party mass mailing providers, which will help ensure good email-sending practices.

Organizations that want to deliver bulk emails through EOP will have to abide by this outbound spam protection guidance:

Exercise caution not to exceed the sending limits in the service by sending emails at a high rate or volume. This includes refraining from sending emails to a large list of BCC recipients.
Refrain from using addresses in your primary email domain as senders for bulk emails, as it may impact the delivery of regular emails from senders within the domain. Instead, consider utilizing a custom subdomain exclusively for bulk email.
Ensure that any custom subdomains are configured with email authentication records in DNS, including SPF, DKIM, and DMARC.
However, Microsoft cautioned that even “following these recommendations does not guarantee delivery. If your email is rejected as bulk, send it through on-premises or a third-party provider instead.”

Redmond’s warning was prompted by Google’s announcement regarding the introduction of new anti-spam guidelines targeting senders of over 5,000 daily emails to Gmail users.

Starting February 1st, 2024, Google will mandate senders exceeding this threshold to implement SPF/DKIM and DMARC email authentication for their domains. This measure aims to bolster defenses against email spoofing and phishing attempts.

Furthermore, bulk senders must provide Gmail recipients with a one-click option to unsubscribe from commercial emails and promptly address unsubscription requests within two days.

As part of these efforts to combat spam, Google said it will also closely monitor spam thresholds and, in cases where abusive bulk senders are identified, it will mark their emails as spam to protect users from unsolicited and potentially harmful messages.

“If you don’t meet the requirements [..], your email might not be delivered as expected, or might be marked as spam,” Google warned.

Article (https://www.bleepingcomputer.com/news/security/microsoft-365-admins-warned-of-new-google-anti-spam-rules/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Apple emergency update fixes new zero-day used to hack iPhones

By Sergiu Gatlan October 4, 2023 02:19 PM
Apple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the company said in an advisory issued on Wednesday.

The zero-day (CVE-2023-42824) is caused by a weakness discovered in the XNU kernel that enables local attackers to escalate privileges on unpatched iPhones and iPads.

While Apple said it addressed the security issue in iOS 17.0.3 and iPadOS 17.0.3 with improved checks, it has yet to reveal who found and reported the flaw.

The list of impacted devices is quite extensive, and it includes:

iPhone XS and later
iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Apple also addressed a zero-day tracked as CVE-2023-5217 and caused by a heap buffer overflow weakness in the VP8 encoding of the open-source libvpx video codec library, which could allow arbitrary code execution following successful exploitation.

The libvpx bug was previously patched by Google in the Chrome web browser and by Microsoft in its Edge, Teams, and Skype products.

CVE-2023-5217 was discovered by security researcher Clément Lecigne who is part of Google’s Threat Analysis Group (TAG), a team of security experts known for often finding zero-days abused in government-backed targeted spyware attacks targeting high-risk individuals.
17 zero-days exploited in attacks fixed this year

CVE-2023-42824 is the 17th zero-day vulnerability exploited in attacks that Apple has fixed since the start of the year.

Apple also recently patched three other zero-day bugs (CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993) reported by Citizen Lab and Google TAG researchers and exploited in spyware attacks to install Cytrox’s Predator spyware.

Citizen Lab disclosed two other zero-days (CVE-2023-41061 and CVE-2023-41064)—fixed by Apple last month—abused as part of a zero-click exploit chain (dubbed BLASTPASS) to infect fully patched iPhones with NSO Group’s Pegasus spyware.

Since January 2023, Apple has addressed a total of 17 zero-days exploited to target iPhones and Macs, including:

two zero-days (CVE-2023-37450 and CVE-2023-38606) in July
three zero-days (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439) in June
three more zero-days (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373) in May
two zero-days (CVE-2023-28206 and CVE-2023-28205) in April
and another WebKit zero-day (CVE-2023-23529) in February

Today’s iOS 17.0.3 release also addresses a known issue causing iPhones running iOS 17.0.2 and lower to overheat.

“This update provides important bug fixes, security updates, and addresses an issue that may cause iPhone to run warmer than expected,” Apple said.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

New Site Status Page (https://cloudstatus.mspportalpartners.net)